- 필수 기능
- 시작하기
- Glossary
- 표준 속성
- Guides
- Agent
- 통합
- 개방형텔레메트리
- 개발자
- Administrator's Guide
- API
- Datadog Mobile App
- CoScreen
- Cloudcraft
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- APM
- Continuous Profiler
- 스팬 시각화
- 데이터 스트림 모니터링
- 데이터 작업 모니터링
- 디지털 경험
- 소프트웨어 제공
- 보안
- AI Observability
- 로그 관리
- 관리
",t};e.buildCustomizationMenuUi=t;function n(e){let t='
",t}function s(e){let n=e.filter.currentValue||e.filter.defaultValue,t='${e.filter.label}
`,e.filter.options.forEach(s=>{let o=s.id===n;t+=``}),t+="${e.filter.label}
`,t+=`Classification:
compliance
Framework:
cis-kubernetes
Control:
4.2.10
Set up the kubernetes integration.
Setup TLS connection on the Kubelets.
Kubelet communication contains sensitive parameters that should remain encrypted in transit. Configure the Kubelets to serve only HTTPS traffic.
Run the following command on each node: ps -ef | grep kubelet
. Verify that the --tls-cert-file
and --tls-private-key-file
arguments exist and they are set as appropriate. If these arguments are not present, check that there is a Kubelet config specified by --config
and that it contains appropriate settings for tlsCertFile
and tlsPrivateKeyFile
.
If using a Kubelet config file, edit the file to set tlsCertFile
to the location of the certificate file to use to identify this Kubelet, and tlsPrivateKeyFile
to the location of the corresponding private key file. If using command line arguments, edit the kubelet service file /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
on each worker node and set the below parameters in KUBELET_CERTIFICATE_ARGS
variable.
--tls-cert-file=<path/to/tls-certificate-file>
--tls-private-key-file=<path/to/tls-key-file>
Based on your system, restart the kubelet service. For example: systemctl daemon-reload systemctl restart kubelet.service
TLS and client certificate authentication must be configured for your Kubernetes cluster deployment.
By default, --tls-cert-file
and --tls-private-key-file
arguments are not set. If --tls-cert-file
and --tls-private-key-file
are not provided, a self-signed certificate and key are generated for the public address and saved to the directory passed to --cert-dir
.
Version 6.14.2 Encrypt All Sensitive Information Over Less-trusted Networks - All communication of sensitive information over less-trusted networks should be encrypted. Whenever information flows over a network with a lower trust level, the information should be encrypted.
Version 7.14.4 Encrypt All Sensitive Information in Transit - Encrypt all sensitive information in transit.