1.1.21 Ensure that the Kubernetes PKI key file permissions are set to 600

Information

Ensure that Kubernetes PKI key files have permissions of 600.

Rationale:

Kubernetes makes use of a number of key files as part of the operation of its components. The permissions on these files should be set to 600 to protect their integrity and confidentiality.

Impact:

None

Solution

Run the below command (based on the file location on your system) on the Control Plane node. For example,

chmod -R 600 /etc/kubernetes/pki/*.key

Default Value:

By default, the keys used by Kubernetes are set to have permissions of 600

See Also

https://workbench.cisecurity.org/benchmarks/12958