@fast-piano-59234 Hi
• I am trying to run Rancher provided CIS Benchmark Scan on RKE1 cluster
• Downloaded report, showing few tests have failed
• Scan ID is " *1.2.6*" Below is the Description:
◦ Ensure that the --kubelet-certificate-authority argument is set as appropriate (Automated)
• Remediation is:
◦ Follow the Kubernetes documentation and setup the TLS connection between the apiserver and kubelets. Then, edit the API server pod specification file /etc/kubernetes/manifests/kube-apiserver.yaml on the master node and set the --kubelet-certificate-authority parameter to the path to the cert file for the certificate authority. --kubelet-certificate-authority=<ca-string>
• Manifests files "*/etc/kubernetes/manifests/kube-apiserver.yaml", "/etc/kubernetes/manifests/kube-controller-manager.yaml" are* not present on my MASTER nodes of RKE cluster.
HOW SHOULD I SOLVE/PASS SUCH TEST IN CIS SCAN?