Property
Language: terraform
Severity: low

Description

The Kubernetes controller manager is configured to bind to an address other than 127.0.0.1, exposing its service on non-loopback network interfaces and making it accessible from outside the local host. This increases the risk of unauthorized access to the controller manager process.

Impact

If exploited, attackers could potentially connect to the controller manager from outside the control plane node, allowing them to interfere with cluster operations, access sensitive data, or gain further privileges within the Kubernetes environment.

Resolution

Edit the Controller Manager pod specification file /etc/kubernetes/manifests/kube-controller-manager.yaml on the Control Plane node and ensure the --bind-address parameter has the correct value.
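
One way to verify the setting after editing the manifest, as an added example that is not part of the original rule or the Kubernetes project: a shell check that treats 127.0.0.1 (the value named in the description) as the only passing value. The function names, exit codes and sample manifest are constructed for this example, and a missing flag is reported as a failure because the upstream default for --bind-address is 0.0.0.0.

```shell
#!/bin/sh
# Added example (not from the original page): audit --bind-address in a
# kube-controller-manager static pod manifest.
# Exit codes are this example's own: 0 = 127.0.0.1, 1 = other address, 2 = flag absent.

check_bind_address() {
    manifest=$1
    # Match only uncommented YAML list items; tolerate an optional opening quote.
    # Assumption: if the flag is repeated, the last occurrence is the effective one.
    value=$(grep -E "^[[:space:]]*-[[:space:]]*[\"']?--bind-address=" "$manifest" \
        | tail -n 1 | sed 's/.*--bind-address=//' | tr -d "\"' \t\r")
    case "$value" in
        127.0.0.1) echo "PASS: --bind-address=127.0.0.1"; return 0 ;;
        "") echo "FAIL: --bind-address not set; the component default is 0.0.0.0"; return 2 ;;
        *) echo "FAIL: --bind-address=$value is not the loopback address"; return 1 ;;
    esac
}

# Constructed sample manifest; $2 is the argument line under test (may be empty).
write_sample_manifest() {
    cat > "$1" <<EOF
apiVersion: v1
kind: Pod
metadata:
  name: kube-controller-manager
  namespace: kube-system
spec:
  containers:
  - name: kube-controller-manager
    command:
    - kube-controller-manager
    # - --bind-address=0.0.0.0   (commented out, must be ignored)
$2
    - --leader-elect=true
EOF
}

# Demo run against constructed files in a temporary directory.
tmpdir=$(mktemp -d)
for arg in '    - --bind-address=127.0.0.1' '    - "--bind-address=0.0.0.0"' ''; do
    write_sample_manifest "$tmpdir/kcm.yaml" "$arg"
    check_bind_address "$tmpdir/kcm.yaml" || echo "  -> exit code $?"
done
rm -rf "$tmpdir"
```

On a control plane node, call check_bind_address with /etc/kubernetes/manifests/kube-controller-manager.yaml as its argument.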