@fast-piano-59234 Hi • I am trying to run Rancher provided CIS Benchmark Scan on RKE1 cluster • Downloaded report, showing few tests have failed • Scan ID is " *1.2.6*" Below is the Description: ◦ Ensure that the --kubelet-certificate-authority argument is set as appropriate (Automated) • Remediation is: ◦ Follow the Kubernetes documentation and setup the TLS connection between the apiserver and kubelets. Then, edit the API server pod specification file /etc/kubernetes/manifests/kube-apiserver.yaml on the master node and set the --kubelet-certificate-authority parameter to the path to the cert file for the certificate authority. --kubelet-certificate-authority=<ca-string> • Manifests files "*/etc/kubernetes/manifests/kube-apiserver.yaml", "/etc/kubernetes/manifests/kube-controller-manager.yaml" are* not present on my MASTER nodes of RKE cluster. HOW SHOULD I SOLVE/PASS SUCH TEST IN CIS SCAN?

Please specify Rancher and cluster version used, it will probably explain why. Latest 2.6 shows this as passed; https://ranchermanager.docs.rancher.com/v2.6/reference-guides/rancher-security/rancher-v2.6-[…]es/rke1-self-assessment-guide-with-cis-v1.6-benchmark

Rancher Version: 2.5.8 RKE Version: 1.2.13

Cluster version is missing

Oh Sorry, cluster version is 1.20.11

What is the result if you manually run what is described on https://ranchermanager.docs.rancher.com/v2.5/reference-guides/rancher-security/rancher-v2.5-[…]-guides/self-assessment-guide-with-cis-v1.6-benchmark?

I have downloaded CIS scan report in excel sheet format and id "1.2.6" shows as below.