Ensure AKS has API Server Authorized IP Ranges enabled
| Property | Value |
|---|---|
| Language | |
| Severity | |
| Service | container |
| Provider | Azure |
| Vulnerability Type | omission |
Description
The AKS cluster’s API server is accessible from any IP address because no authorized IP ranges are configured, leaving the management endpoint exposed to the public internet.
Impact
Without restricted IP ranges, malicious actors can attempt to access and compromise the Kubernetes API server, potentially gaining control over the cluster, exposing sensitive workloads, and disrupting services.
Resolution
Restrict access to the API server to a limited IP range by configuring authorized IP ranges on the cluster.
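
A check for this omission, as an added example (not part of the original rule or any scanner's own code). It assumes the cluster definition is JSON shaped like an ARM `Microsoft.ContainerService/managedClusters` resource, with the setting at `properties.apiServerAccessProfile.authorizedIPRanges`; the function names and sample documents are constructed for illustration.

```python
import ipaddress

def _get(mapping, name):
    """Case-insensitive key lookup, since tools differ on key casing."""
    for key, value in (mapping or {}).items():
        if key.lower() == name.lower():
            return value
    return None

def check_api_server_access(cluster):
    """Return (compliant, reason) for one managed-cluster definition."""
    # ARM resources nest settings under "properties"; flattened output does not.
    props = _get(cluster, "properties") or cluster
    profile = _get(props, "apiServerAccessProfile") or {}
    # Authorized IP ranges apply to the public endpoint only.
    if _get(profile, "enablePrivateCluster"):
        return True, "private cluster: API server has no public endpoint"
    ranges = _get(profile, "authorizedIPRanges") or []
    if not ranges:
        return False, "no authorized IP ranges: API server reachable from any IP"
    for cidr in ranges:
        try:
            net = ipaddress.ip_network(cidr, strict=False)
        except ValueError:
            return False, f"invalid range {cidr!r}"
        if net.prefixlen == 0:
            # A /0 entry is the same exposure as having no list at all.
            return False, f"{cidr} allows every address"
    return True, f"restricted to {len(ranges)} range(s)"

# Constructed sample definitions using documentation-reserved addresses.
SAMPLES = {
    "omitted": {"name": "aks-a", "properties": {}},
    "open": {"properties": {"apiServerAccessProfile": {
        "authorizedIPRanges": ["0.0.0.0/0"]}}},
    "restricted": {"properties": {"apiServerAccessProfile": {
        "authorizedIPRanges": ["203.0.113.0/24", "198.51.100.7/32"]}}},
    "private": {"properties": {"apiServerAccessProfile": {
        "enablePrivateCluster": True}}},
    # Flattened shape with different key casing (assumed tool output).
    "flattened": {"apiServerAccessProfile": {
        "authorizedIpRanges": ["203.0.113.0/24"]}},
}

if __name__ == "__main__":
    for label, doc in SAMPLES.items():
        ok, reason = check_api_server_access(doc)
        print(f"{label:<11} {'PASS' if ok else 'FAIL'}  {reason}")
```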