3.1.4 Ensure that the kubelet configuration file ownership is set to root:root

Information

Ensure that if the kubelet refers to a configuration file with the --config argument, that file is owned by root:root.

Rationale:

The kubelet reads various parameters, including security settings, from a config file specified by the --config argument. If this file is specified you should restrict its file permissions to maintain the integrity of the file. The file should be owned by root:root.

Solution

Run the following command (using the config file location identied in the Audit step)

chown root:root /etc/kubernetes/kubelet.conf

Impact:

None.

Default Value:

See the GKE documentation for the default value.

See Also

https://workbench.cisecurity.org/files/2764