Information
Use https for kubelet connections.
Rationale:
Connections from apiserver to kubelets could potentially carry sensitive data such as secrets and keys. It is thus important to use in-transit encryption for any communication between the apiserver and kubelets.
Impact:
You require TLS to be configured on apiserver as well as kubelets.
Solution
No remediation is required. OpenShift platform components use X.509 certificates for authentication. OpenShift manages the CAs and certificates for platform components. This is not configurable.
Default Value:
By default, kubelet connections are encrypted.