Metadata

Id: fa750c81-93c2-4fab-9c6d-d3fd3ce3b89f

Cloud Provider: k8s

Framework: Kubernetes

Severity: Medium

Category: Networking and Firewall

Description

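TLS connection certificate files should be set up: kube-apiserver should be started with the --tls-cert-file and --tls-private-key-file flags, and a KubeletConfiguration should set tlsCertFile and tlsPrivateKeyFile.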

Compliant Code Examples

apiVersion: v1
kind: Pod
metadata:
  name: command-demo
  labels:
    purpose: demonstrate-command
spec:
  containers:
    - name: command-demo-container
      image: gcr.io/google_containers/kube-apiserver-amd64:v1.6.0
      command: ["kube-apiserver"]
      args: ["--tls-cert-file=someFile.txt","--tls-private-key-file=someFile.txt"]
  restartPolicy: OnFailure

{
  "kind": "KubeletConfiguration",
  "apiVersion": "kubelet.config.k8s.io/v1beta1",
  "port": 10250,
  "readOnlyPort": 10255,
  "cgroupDriver": "cgroupfs",
  "hairpinMode": "promiscuous-bridge",
  "serializeImagePulls": false,
  "tlsCertFile": "someFile.txt",
  "tlsPrivateKeyFile": "someFile.txt",
  "featureGates": {
    "RotateKubeletClientCertificate": true,
    "RotateKubeletServerCertificate": true
  }
}

apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
address: "192.168.0.8"
port: 20250
serializeImagePulls: false
tlsCertFile: "someFile.txt"
tlsPrivateKeyFile: "someFile.txt"
evictionHard:
    memory.available:  "200Mi"

Non-Compliant Code Examples

apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
address: "192.168.0.8"
port: 20250
serializeImagePulls: false
evictionHard:
    memory.available:  "200Mi"

apiVersion: v1
kind: Pod
metadata:
  name: command-demo
  labels:
    purpose: demonstrate-command
spec:
  containers:
    - name: command-demo-container
      image: gcr.io/google_containers/kube-apiserver-amd64:v1.6.0
      command: ["kube-apiserver"]
      args: []
  restartPolicy: OnFailure
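
The check these examples illustrate can be reproduced locally before manifests are applied. The following is an added example, not Datadog's rule implementation: it assumes each manifest has already been parsed into a dict (by any YAML or JSON loader), the function names are hypothetical, and the sample manifests are constructed from the examples above.

```python
# Added example: reports TLS settings that are absent or empty in a manifest.
API_FLAGS = ("--tls-cert-file", "--tls-private-key-file")
KUBELET_KEYS = ("tlsCertFile", "tlsPrivateKeyFile")


def flag_value(tokens, flag):
    """Return the value given as '--flag=value' or '--flag value', else None."""
    for i, tok in enumerate(tokens):
        if tok.startswith(flag + "="):
            return tok.split("=", 1)[1]
        if tok == flag and i + 1 < len(tokens) and not tokens[i + 1].startswith("--"):
            return tokens[i + 1]
    return None


def missing_tls_settings(doc):
    """List the TLS settings missing from one parsed manifest (a dict)."""
    findings = []
    if doc.get("kind") == "KubeletConfiguration":
        findings += [k for k in KUBELET_KEYS if not doc.get(k)]
    elif doc.get("kind") == "Pod":
        for c in doc.get("spec", {}).get("containers", []):
            cmd = c.get("command") or []
            if not cmd or cmd[0].rsplit("/", 1)[-1] != "kube-apiserver":
                continue  # only API server containers are in scope
            tokens = cmd + (c.get("args") or [])
            findings += [f"{c.get('name')}: {f}" for f in API_FLAGS
                         if not flag_value(tokens, f)]
    return findings


def pod(command, args):
    """Build a constructed Pod manifest shaped like the page's examples."""
    return {"kind": "Pod", "spec": {"containers": [
        {"name": "command-demo-container", "command": command, "args": args}]}}


# Constructed sample inputs.
GOOD_POD = pod(["kube-apiserver"],
               ["--tls-cert-file=someFile.txt", "--tls-private-key-file=someFile.txt"])
BAD_POD = pod(["kube-apiserver"], [])
SPLIT_POD = pod(["kube-apiserver", "--tls-cert-file", "someFile.txt"], [])
GOOD_KUBELET = {"kind": "KubeletConfiguration", "tlsCertFile": "someFile.txt",
                "tlsPrivateKeyFile": "someFile.txt"}
BAD_KUBELET = {"kind": "KubeletConfiguration", "port": 20250, "tlsCertFile": ""}

if __name__ == "__main__":
    for name in ("GOOD_POD", "BAD_POD", "SPLIT_POD", "GOOD_KUBELET", "BAD_KUBELET"):
        print(name, missing_tls_settings(globals()[name]))
```

An empty value (for example tlsCertFile: "") is reported the same way as a missing key, since neither gives the component a certificate to load.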