4.1 Worker Node Configuration Files
4.1.1 Ensure that the kubelet service file permissions are set to 644 or more restrictive (Not Applicable)
Recommended Action
4.1.2 Ensure that the kubelet service file ownership is set to root:root (Not Applicable)
Recommended Action
4.1.3 If proxy kubeproxy.kubeconfig file exists ensure permissions are set to 644 or more restrictive (Automated)
Recommended Action
Run the below command (based on the file location on your system) on the each worker node.
For example,
chmod 644 $proxykubeconfig
4.1.4 Ensure that the proxy kubeconfig file ownership is set to root:root (Automated)
Recommended Action
Run the below command (based on the file location on your system) on the each worker node.
For example, chown root:root $proxykubeconfig
4.1.5 Ensure that the –kubeconfig kubelet.conf file permissions are set to 644 or more restrictive (Automated)
Recommended Action
By default, K3s creates $kubeletkubeconfig with 644 permissions. No manual remediation needed.
4.1.6 Ensure that the –kubeconfig kubelet.conf file ownership is set to root:root (Automated)
Recommended Action
By default, K3s creates $kubeletkubeconfig with root:root ownership. No manual remediation needed.
4.1.7 Ensure that the certificate authorities file permissions are set to 644 or more restrictive (Automated)
Recommended Action
By default, K3s creates $kubeletcafile with 644 permissions.
4.1.8 Ensure that the client certificate authorities file ownership is set to root:root (Automated)
Recommended Action
By default, K3s creates $kubeletcafile with root:root ownership.
4.1.9 Ensure that the kubelet –config configuration file has permissions set to 644 or more restrictive (Not Applicable)
Recommended Action
4.1.10 Ensure that the kubelet –config configuration file ownership is set to root:root (Not Applicable)
Recommended Action