For AI agents: A markdown version of this page is available at https://docs.datadoghq.com/security/default_rules/def-00k-duz.md. A documentation index is available at /llms.txt.

The kubelet configuration file should be owned by root

kubernetes

Description

Ensure that if the kubelet refers to a configuration file with the --config argument, that file is owned by root:root. The kubelet reads various parameters, including security settings, from a config file specified by the --config argument.

Remediation

  1. Run the following command based on the file located in the --config parameter:
chown root:root /etc/kubernetes/kubelet.conf