Ensure the --insecure-port argument is set to 0
Error: The --insecure-port argument is not set to 0
Bridgecrew Policy ID: BC_K8S_64
Checkov Check ID: CKV_K8S_88
Severity: HIGH
The --insecure-port argument is not set to 0
Description
Do not bind to insecure port. Setting up the apiserver to serve on an insecure port would allow unauthenticated and unencrypted access to your master node. This would allow attackers who could access this port, to easily take control of the cluster.
Fix - Buildtime
Kubernetes
- Kind: Pod
apiVersion: v1
kind: Pod
metadata:
creationTimestamp: null
labels:
component: kube-apiserver
tier: control-plane
name: kube-apiserver
namespace: kube-system
spec:
containers:
- command:
+ - kube-apiserver
+ - --insecure-port=0
image: gcr.io/google_containers/kube-apiserver-amd64:v1.6.0
...
Updated 6 months ago