An EKS's Kubelet should use TLS authentication
Description
Disable anonymous requests to the Kubelet server. You should rely on authentication to authorize access and disallow anonymous requests to prevent unwanted actions in your cluster.
Choose one of the remediation methods below. Both methods require a restart of the Kubelet service.
Kubelet config file
- Add the JSON below to this file: /etc/kubernetes/kubelet/kubelet-config.json
"authentication": { "x509": {"clientCAFile": "<path/to/client-ca-file>" }}
Executable arguments
- Edit the kubelet service file on each worker node and ensure the below parameters are part of the KUBELET_ARGS variable string.
--client-ca-file=<path/to/client-ca-file>
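A way to verify either remediation on a node, as an added example (not this rule's own detection logic): it checks a parsed kubelet-config.json and the KUBELET_ARGS string for a client CA file and for explicitly enabled anonymous requests. The function name, the sample CA path, and the use of the kubelet's `authentication.anonymous.enabled` key and `--anonymous-auth` flag are assumptions not shown on this page.

```python
import json
import shlex

# Constructed sample inputs (not from a real node); the CA path is an assumption.
SAMPLE_CONFIG = json.loads("""
{
  "kind": "KubeletConfiguration",
  "authentication": {
    "anonymous": {"enabled": false},
    "x509": {"clientCAFile": "/etc/kubernetes/pki/ca.crt"}
  }
}
""")
SAMPLE_ARGS = "--node-ip=10.0.0.12 --client-ca-file=/etc/kubernetes/pki/ca.crt"


def audit_kubelet_auth(config, kubelet_args=""):
    """Return a list of findings; an empty list means both checks pass."""
    tokens = shlex.split(kubelet_args)
    auth = config.get("authentication", {})
    findings = []

    # Either remediation method counts: the flag or the config file key.
    ca_flags = [t.split("=", 1)[1] for t in tokens if t.startswith("--client-ca-file=")]
    ca_file = (ca_flags[-1] if ca_flags else "") or auth.get("x509", {}).get("clientCAFile")
    # A value still starting with "<" is the documentation placeholder, never replaced.
    if not ca_file or ca_file.startswith("<"):
        findings.append("x509: no client CA file configured")

    # Only an explicit enable is reported; version-specific defaults are not modelled.
    anonymous = auth.get("anonymous", {}).get("enabled") is True
    for t in tokens:  # a flag, when present, overrides the config file value
        if t in ("--anonymous-auth", "--anonymous-auth=true"):
            anonymous = True
        elif t == "--anonymous-auth=false":
            anonymous = False
    if anonymous:
        findings.append("anonymous: requests are explicitly enabled")
    return findings


if __name__ == "__main__":
    print(audit_kubelet_auth(SAMPLE_CONFIG, SAMPLE_ARGS) or "OK")
```

Only the `--client-ca-file=<value>` form shown above is recognised; other boolean spellings of `--anonymous-auth` are not handled.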