Source: Kube Bench
ID: 4.1
Version: gke-1.0

4.1 Worker Node Configuration Files

4.1.1 Ensure that the kubelet service file permissions are set to 644 or more restrictive (Not Scored)

This control cannot be modified in GKE.

4.1.2 Ensure that the kubelet service file ownership is set to root:root (Not Scored)

This control cannot be modified in GKE.

4.1.3 Ensure that the proxy kubeconfig file permissions are set to 644 or more restrictive (Scored)

Run the following command on each worker node, adjusting for the file location on your system. For example: chmod 644 $proxykubeconfig

4.1.4 Ensure that the proxy kubeconfig file ownership is set to root:root (Scored)

Run the following command on each worker node, adjusting for the file location on your system. For example: chown root:root $proxykubeconfig

4.1.5 Ensure that the kubelet.conf file permissions are set to 644 or more restrictive (Not Scored)

This control cannot be modified in GKE.

4.1.6 Ensure that the kubelet.conf file ownership is set to root:root (Not Scored)

This control cannot be modified in GKE.

4.1.7 Ensure that the certificate authorities file permissions are set to 644 or more restrictive (Not Scored)

This control cannot be modified in GKE.

4.1.8 Ensure that the client certificate authorities file ownership is set to root:root (Not Scored)

This control cannot be modified in GKE.

4.1.9 Ensure that the kubelet configuration file has permissions set to 644 or more restrictive (Scored)

Run the following command, using the config file location identified in the Audit step: chmod 644 $kubeletconf

4.1.10 Ensure that the kubelet configuration file ownership is set to root:root (Scored)

Run the following command, using the config file location identified in the Audit step: chown root:root $kubeletconf
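
The scored checks above (4.1.3, 4.1.4, 4.1.9, 4.1.10) can be verified before and after remediation with a small audit script. This is an added example, not part of Kube Bench or of this page's source; the function names are hypothetical, file paths are passed in by the caller, and GNU stat (stat -c) is assumed on the node.

```shell
#!/bin/sh
# Added example: audits files against the 4.1.x rules on this page.
# File paths are supplied by the caller; none are assumed here.

# mode_ok MODE -> 0 if the octal MODE is "644 or more restrictive".
# Any bit outside rw-r--r-- fails: 07777 & ~0644 = 07133, which also
# catches execute bits and setuid/setgid/sticky.
mode_ok() {
    case "$1" in
        ''|*[!0-7]*) return 2 ;;   # not an octal mode string
    esac
    [ $(( 0$1 & 07133 )) -eq 0 ]
}

# audit_file PATH -> 0 pass, 1 fail, 2 file missing or unreadable.
audit_file() {
    f=$1
    if [ ! -e "$f" ]; then
        echo "SKIP $f (not present)"
        return 2
    fi
    mode=$(stat -c '%a' "$f") || return 2
    owner=$(stat -c '%U:%G' "$f") || return 2
    rc=0
    if ! mode_ok "$mode"; then
        echo "FAIL $f mode $mode; remediate: chmod 644 $f"
        rc=1
    fi
    if [ "$owner" != "root:root" ]; then
        echo "FAIL $f owner $owner; remediate: chown root:root $f"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "PASS $f ($mode $owner)"
    return "$rc"
}

# Usage on a worker node: sh audit.sh "$proxykubeconfig" "$kubeletconf"
for path in "$@"; do
    audit_file "$path" || true
done
```

Note that a mode such as 755 fails even though its write bits are tighter than 664, because the execute bits fall outside 644.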