You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
@SeryioGonzalez not sure which version of CIS you were referring to, but in general check 4.1.7 Ensure that the certificate authorities file permissions are set to 6XX or more restrictive (Manual), has two possible conditions:
Either $CAFILE path is retrieved through the running process definition, with --client-ca-file=.
Or $CAFILE value is retrieved from the configmap variable $kubeletcafile, in case the former condition is not fulfilled.
My take is that it's better to validate the confs when they are loaded and used, however it might be relevant also to confirm where they originate from and test this origin (in your case kubelet-config.yaml).
Check 4.1.7 is based on flag --ca-file, but CA FILE can be passed in kubelet-config.yaml
The text was updated successfully, but these errors were encountered: