Ensure that the --secure-port argument is not set to 0
| Property | |
|---|---|
| Language | |
| Severity | |
Description
The Kubernetes API server is configured with the --secure-port argument set to 0, which disables secure (HTTPS) communication for the API server endpoint. This results in the API server only accepting insecure, unencrypted connections.
Impact
Disabling the secure port exposes the API server to interception and tampering of sensitive Kubernetes traffic. Attackers could eavesdrop on or manipulate API requests, potentially gaining unauthorized access to or control over the Kubernetes cluster.
Resolution
Edit the API server pod specification file /etc/kubernetes/manifests/kube-apiserver.yaml on the Control Plane node and either remove the --secure-port parameter or set it to the desired non-zero port.
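
One way to audit the manifest for this setting, as an added example that is not part of the original rule or of any Kubernetes tooling. It assumes the flag is written in the `--secure-port=<value>` form; the function names and the sample manifest are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a kube-apiserver static pod manifest for --secure-port=0.

# Return 0 when the flag is absent or non-zero, 1 when it is 0, 2 on read error.
check_secure_port() {
    manifest="$1"
    [ -r "$manifest" ] || { echo "cannot read $manifest" >&2; return 2; }
    # Skip YAML comment lines, then extract the value from --secure-port=<value>.
    values=$(grep -v '^[[:space:]]*#' "$manifest" \
        | sed -n 's/.*--secure-port=\([0-9][0-9]*\).*/\1/p')
    if [ -z "$values" ]; then
        echo "PASS: --secure-port not set in $manifest"
        return 0
    fi
    for v in $values; do
        if [ "$v" -eq 0 ]; then
            echo "FAIL: --secure-port=$v in $manifest"
            return 1
        fi
    done
    echo "PASS: --secure-port is non-zero in $manifest"
    return 0
}

# Write a constructed sample manifest whose last argument is $1; print its path.
make_sample_manifest() {
    f=$(mktemp)
    cat > "$f" <<EOF
apiVersion: v1
kind: Pod
metadata:
  name: kube-apiserver
  namespace: kube-system
spec:
  containers:
  - name: kube-apiserver
    command:
    - kube-apiserver
    # - --secure-port=0   (commented out, must be ignored)
    - $1
EOF
    echo "$f"
}

# Demo on constructed input; on a real node pass the manifest path instead.
sample=$(make_sample_manifest "--secure-port=0")
check_secure_port "$sample" || echo "Remediate: remove the flag or set a non-zero port"
rm -f "$sample"
```

On a Control Plane node, call `check_secure_port /etc/kubernetes/manifests/kube-apiserver.yaml` and treat a non-zero exit status as a finding.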