Enabling HSTS on the Kubelet in OpenShift 4
Issue
- Nessus reports vulnerability for OCP nodes
  TCP/10250: Nessus Plugin ID: 142960 - HSTS Missing From HTTPS Server (RFC 6797)
- The Kubelet (port 10250) is not enforcing Strict-Transport-Security Headers as defined by RFC 6797.
- Is it possible to enforce HSTS for Kubelet?
Environment
- Red Hat OpenShift Container Platform 4.x