Measures

By default, the following paths hold important information about the cluster:

-> /etc/kubernetes/

-> /var/lib/kubelet/

-> /etc/sysconfig/kubelet

-> ./kube/config.yaml

These directories are only relevant for troubleshooting, so non-admin users should have no access rights to these paths. Because "systemctl cat kubelet" reveals all of these paths immediately, only admins of the cluster should be able to run "systemctl".

Furthermore, these directories are mounted into the corresponding pods through configmaps in the kube-system namespace. Access to the configmaps should therefore also be restricted to the kube-system namespace.
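
One way to check the file-permission measure on a node, as an added example that is not part of the original page. The function names `list_world_accessible` and `audit_paths` are hypothetical, and the script assumes that "non-admin users" map to the "other" permission class, with owner and group reserved for admins.

```shell
#!/bin/sh
# Added example: audit the paths named on this page for non-admin access.
# Assumption: "non-admin" is modelled as the "other" permission class;
# owner and group are assumed to be admin-only on the node.

# Paths as listed on the page (the last one is relative, exactly as written there).
KUBE_PATHS="/etc/kubernetes/ /var/lib/kubelet/ /etc/sysconfig/kubelet ./kube/config.yaml"

# list_world_accessible PATH...
# Prints every file or directory at or below the given paths that grants
# any read, write or execute bit to "other". Symlinks are skipped because
# their own mode bits carry no meaning. Missing paths are ignored.
list_world_accessible() {
    for p in "$@"; do
        [ -e "$p" ] || continue
        find "$p" ! -type l \( -perm -004 -o -perm -002 -o -perm -001 \) -print 2>/dev/null
    done
}

# audit_paths PATH...
# Returns 0 when nothing is exposed; otherwise lists each finding with its
# mode and owner (ls -ld) and returns 1.
audit_paths() {
    findings=$(list_world_accessible "$@")
    if [ -z "$findings" ]; then
        echo "OK: no entries accessible to non-admin users"
        return 0
    fi
    echo "$findings" | while IFS= read -r f; do
        ls -ld -- "$f"
    done
    return 1
}

# Audit the page's paths only when called as: sh audit.sh --run
if [ "${1:-}" = "--run" ]; then
    # Word splitting of KUBE_PATHS is intended here.
    audit_paths $KUBE_PATHS
fi
```

Run it as root on each node; a non-zero exit status means at least one entry still grants access to the "other" class.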