Information
Ensure that if the kubelet refers to a configuration file with the --config argument, that file is owned by root:root.
Rationale:
The kubelet reads various parameters, including security settings, from a config file specified by the --config argument. If this file is specified you should restrict its file permissions to maintain the integrity of the file. The file should be owned by root:root.
Impact:
None
Solution
Run the following command (using the config file location identified in the Audit step)
chown root:root /etc/kubernetes/kubelet.conf
Default Value:
By default, /var/lib/kubelet/config.yaml file as set up by kubeadm is owned by root:root.