Risk Level: High
Cloud Entity: Node
CloudGuard Rule ID: D9.K8S.CRY.44
Covered by Spectral: No
KubernetesNode should have kubeletData.kubeletconfig.tlsCipherSuites isEmpty() or kubeletData.kubeletconfig.tlsCipherSuites contain-all ['TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256' and 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256' and 'TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305' and 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384' and 'TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305' and 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384' and 'TLS_RSA_WITH_AES_256_GCM_SHA384' and 'TLS_RSA_WITH_AES_128_GCM_SHA256']
Follow the directions in the OpenShift documentation to configure the tlsSecurityProfile.
A node is a worker machine in Kubernetes, previously known as a minion. A node may be a VM or physical machine, depending on the cluster. Each node contains the services necessary to run pods and is managed by the master components. The services on a node include the container runtime, kubelet and kube-proxy.
- CIS Kubernetes Benchmark v1.24
- CIS OpenShift Container Platform v4 Benchmark v1.1.0
- OpenShift Container Platform v3
Updated 3 months ago