TF 0509 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki

Ensure that the --kubelet-certificate-authority argument is set as appropriate

| Property | Value |
| --- | --- |
| Language | terraform |
| Severity | low |

Description

The Kubernetes API server is missing the --kubelet-certificate-authority argument, which means it does not verify the kubelet's TLS certificate before connecting. This weakens the security of the communication channel between the API server and kubelets.

Impact

Without certificate verification, attackers could impersonate kubelets, potentially intercepting or manipulating communication between the API server and worker nodes. This could lead to unauthorized access, data leakage, or disruption of cluster operations.

Resolution

Follow the Kubernetes documentation and set up the TLS connection between the apiserver and kubelets.
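One way to check a container command line for this finding, as an added example that is not the rule's own implementation or code from this wiki. The function names, the sample command lists and the certificate paths are constructed for illustration.

```python
FLAG = "--kubelet-certificate-authority"

def kubelet_ca_value(command):
    """Return the value passed to FLAG in a command list, or None if absent."""
    value = None
    for i, arg in enumerate(command):
        if arg == FLAG:
            # "--flag value" form: the next token is the value unless it is a flag
            nxt = command[i + 1] if i + 1 < len(command) else ""
            value = "" if nxt.startswith("-") else nxt
        elif arg.startswith(FLAG + "="):
            # "--flag=value" form; a later occurrence overrides an earlier one
            value = arg.split("=", 1)[1]
    return value

def check_apiserver(command):
    """Return (passed, reason) for one container's command plus args."""
    if not command or command[0].rsplit("/", 1)[-1] != "kube-apiserver":
        return True, "not a kube-apiserver container"
    value = kubelet_ca_value(command)
    if value is None:
        return False, "flag missing: kubelet certificate is not verified"
    if not value.strip():
        return False, "flag present but empty"
    return True, "kubelet CA set to " + value

# Constructed sample: client certificate configured, but no CA to verify kubelets
WEAK = [
    "kube-apiserver",
    "--secure-port=6443",
    "--kubelet-client-certificate=/etc/kubernetes/pki/apiserver-kubelet-client.crt",
    "--kubelet-client-key=/etc/kubernetes/pki/apiserver-kubelet-client.key",
]
# Constructed sample: same command with the CA bundle supplied
FIXED = WEAK + ["--kubelet-certificate-authority=/etc/kubernetes/pki/ca.crt"]

if __name__ == "__main__":
    for name, cmd in (("weak", WEAK), ("fixed", FIXED)):
        passed, reason = check_apiserver(cmd)
        print(name, "PASS" if passed else "FAIL", reason)
```

An empty value is reported as a failure as well, since a flag with no CA file gives the API server nothing to verify the kubelet certificate against.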