In order to further automate CIS compliance, we need to create several KubeletConfig remediations. The intent is to automate these and have them relevantly tested in CI.

Instructions

• apply the cis and cis-node benchmarks
• Check which checks failed (there will most likely be a lot of kubelet-related ones)
• Fix what can be fixed

Notes

• protectKernelDefaults is complicated, I suggest you skip that one

Acceptance Criteria

When applying the CIS benchmark, there will be very minimal checks that need to be fixed.