
kubelet-insecure-tls flag

The --kubelet-insecure-tls flag is a command-line argument used within the args section of the Kubernetes Metrics Server deployment configuration.^[400-devops__06-Kubernetes__k8s-ithelp__Day24__README.md]

Purpose

The primary function of this flag is to disable verification of the Certificate Authority (CA) that signed the serving certificates presented by kubelets.^[400-devops__06-Kubernetes__k8s-ithelp__Day24__README.md] In TLS (Transport Layer Security) terms, the flag instructs the Metrics Server to trust the kubelet's certificate without validating it against a known CA, bypassing the standard security checks.

Usage

This configuration is added to the container arguments in the Deployment manifest for the Metrics Server:

# Pod spec of the metrics-server Deployment (spec.template.spec)
spec:
  containers:
    - args:
      - --kubelet-insecure-tls

It is frequently required in local development environments, such as Docker Desktop, where proper certificates are not configured by default.^[400-devops__06-Kubernetes__k8s-ithelp__Day24__README.md]

Security Implications

Because this flag disables certificate verification, it is intended strictly for testing purposes and environments where security policies allow for unverified connections.^[400-devops__06-Kubernetes__k8s-ithelp__Day24__README.md]
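
A manifest check for this flag, added here as an example (not code from the cited README or the Metrics Server project): it scans workload JSON, such as the output of `kubectl get deployments -A -o json`, and reports containers that enable `--kubelet-insecure-tls`. The sample objects and the function names are constructed for illustration.

```python
import json
import sys

FLAG = "--kubelet-insecure-tls"
# Values that Go's boolean flag parsing reads as "off" in --flag=<value> form.
FALSE_VALUES = {"0", "f", "F", "false", "FALSE", "False"}

def _deployment(namespace, name, args):
    """Build a minimal Deployment object (constructed sample data)."""
    return {"kind": "Deployment", "metadata": {"namespace": namespace, "name": name},
            "spec": {"template": {"spec": {"containers": [{"name": name, "args": args}]}}}}

# Constructed sample shaped like `kubectl get deployments -A -o json` output.
SAMPLE = {"kind": "List", "items": [
    _deployment("kube-system", "metrics-server", ["--secure-port=10250", FLAG]),
    _deployment("staging", "metrics-server", [FLAG + "=false"]),
    _deployment("default", "web", ["--port=8080"]),
]}

def flag_enabled(argv):
    """True if argv leaves the flag on; a later occurrence overrides an earlier one."""
    enabled = False
    for arg in argv:
        name, _, value = arg.partition("=")
        if name == FLAG:
            # Bare flag (no '=') means on; only explicit false values switch it off.
            enabled = value not in FALSE_VALUES
    return enabled

def find_insecure(doc):
    """Return (namespace, workload, container) for every container enabling the flag."""
    hits = []
    for obj in doc.get("items", [doc]):  # accept a List or a single object
        meta = obj.get("metadata", {})
        pod = obj.get("spec", {}).get("template", {}).get("spec", {})
        for ctr in pod.get("containers", []) + pod.get("initContainers", []):
            argv = (ctr.get("command") or []) + (ctr.get("args") or [])
            if flag_enabled(argv):
                hits.append((meta.get("namespace", "default"), meta.get("name"), ctr.get("name")))
    return hits

if __name__ == "__main__":
    # Pass a JSON file path to scan real output; with no argument the sample is used.
    doc = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    for ns, name, ctr in find_insecure(doc):
        print(f"{ns}/{name} container={ctr}: {FLAG} enabled")
```

Run in CI or against a live cluster export, a non-empty result outside a test environment marks a Metrics Server that is not verifying kubelet certificates.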

Sources

^[400-devops__06-Kubernetes__k8s-ithelp__Day24__README.md]