Network misconfigurations

ACK cluster with public endpoint

Risk Level

Informational (4)

Platform(s)
Compliance Frameworks

Description

Alibaba Cloud Container Service for Kubernetes (ACK) is a managed, Kubernetes-compatible service that helps users run their containerized applications. It was detected that the Kubernetes cluster {AliCloudAckCluster} is publicly accessible. Making the cluster private makes it inaccessible from the public internet. Nodes in a private cluster do not have public IP addresses, so your workloads run in an environment that is isolated from the internet. Besides security, using a private cluster also improves network latency and may reduce network costs, as Alibaba Cloud charges for communication with external IPs.
Recommended Mitigation

For security, latency and cost reasons, it is recommended to disable public access for the cluster.
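
One way to check an inventory export for clusters that still expose a public API server endpoint, as an added example that is not this rule's own detection logic. The record layout (a `master_url` JSON string with `api_server_endpoint` and `intranet_api_server_endpoint` keys) is an assumption about how cluster details are exported, and the sample records are constructed.

```python
import ipaddress
import json
from urllib.parse import urlparse

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample records. Field names are assumptions, not confirmed
# by the page: "master_url" is a JSON string holding both endpoints.
SAMPLE_CLUSTERS = [
    {"cluster_id": "c-example-public", "master_url": json.dumps({
        "api_server_endpoint": "https://203.0.113.10:6443",
        "intranet_api_server_endpoint": "https://192.168.0.10:6443"})},
    {"cluster_id": "c-example-private", "master_url": json.dumps({
        "api_server_endpoint": "",
        "intranet_api_server_endpoint": "https://192.168.0.20:6443"})},
    {"cluster_id": "c-example-malformed", "master_url": "not-json"},
]


def public_endpoint(cluster):
    """Return the public API server URL, None if there is none, or
    "UNKNOWN" when the record cannot be parsed (flagged for review)."""
    try:
        urls = json.loads(cluster.get("master_url", ""))
    except (TypeError, ValueError):
        return "UNKNOWN"  # fail closed: missing or malformed record
    if not isinstance(urls, dict):
        return "UNKNOWN"
    endpoint = (urls.get("api_server_endpoint") or "").strip()
    if not endpoint:
        return None
    try:
        ip = ipaddress.ip_address(urlparse(endpoint).hostname)
        if any(ip in net for net in RFC1918):
            return None  # private address in the public slot: not exposed
    except ValueError:
        pass  # DNS name rather than an IP literal: treat as public
    return endpoint


def audit(clusters):
    """List (cluster_id, endpoint) for every cluster needing attention."""
    return [(c["cluster_id"], ep) for c in clusters
            if (ep := public_endpoint(c)) is not None]


if __name__ == "__main__":
    for cluster_id, endpoint in audit(SAMPLE_CLUSTERS):
        print(f"{cluster_id}: public API endpoint {endpoint}")
```

Records that cannot be parsed are reported as `UNKNOWN` rather than silently counted as private, so a broken export does not hide an exposed cluster.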