Follow the instructions in the documentation to create a Kubelet config CRD and set the anonymous-auth is set to false.
None required. Unauthenticated/Unauthorized users have no access to OpenShift nodes.
None required. Changing the clientCAFile value is unsupported.
In earlier versions of OpenShift 4, the read-only-port argument is not used. Follow the instructions in the documentation to create a Kubelet config CRD and set the –read-only-port is set to 0.
Follow the instructions in the documentation to create a Kubelet config CRD and set the –streaming-connection-idle-timeout to the desired value. Do not set the value to 0.
None required. The OpenShift 4 kubelet modifies the system tunable; using the protect-kernel-defaults flag will cause the kubelet to fail on start if the tunables don’t match the kubelet configuration and the OpenShift node will fail to start.
None required. The –make-iptables-util-chains argument is set to true by default.
By default, –hostname-override argument is not set.
Follow the documentation to edit kubelet parameters https://docs.openshift.com/container-platform/4.5/scalability_and_performance/recommended-host-practices.html#create-a-kubeletconfig-crd-to-edit-kubelet-parameters KubeAPIQPS:
OpenShift automatically manages TLS authentication for the API server communication with the node/kublet. This is not configurable.
None required.
By default, kubelet server certificate rotation is disabled.
Follow the directions above and in the OpenShift documentation to configure the tlsSecurityProfile. Configuring Ingress