Set up the kubernetes integration.
Setup TLS connection on the Kubelets.
Kubelet communication contains sensitive parameters that should remain encrypted in transit. Configure the Kubelets to serve only HTTPS traffic.
Run the following command on each node:
ps -ef | grep kubelet. Verify that the
--tls-private-key-file arguments exist and they are set as appropriate. If these arguments are not present, check that there is a Kubelet config specified by
--config and that it contains appropriate settings for
If using a Kubelet config file, edit the file to set
tlsCertFile to the location of the certificate file to use to identify this Kubelet, and
tlsPrivateKeyFile to the location of the corresponding private key file. If using command line arguments, edit the kubelet service file
/etc/systemd/system/kubelet.service.d/10-kubeadm.conf on each worker node and set the below parameters in K
Based on your system, restart the kubelet service. For example:
systemctl daemon-reload systemctl restart kubelet.service
TLS and client certificate authentication must be configured for your Kubernetes cluster deployment.
--tls-private-key-file arguments are not set. If
--tls-private-key-file are not provided, a self-signed certificate and key are generated for the public address and saved to the directory passed to
Version 6.14.2 Encrypt All Sensitive Information Over Less-trusted Networks - All communication of sensitive information over less-trusted networks should be encrypted. Whenever information flows over a network with a lower trust level, the information should be encrypted.
Version 7.14.4 Encrypt All Sensitive Information in Transit - Encrypt all sensitive information in transit.