Network misconfigurations

K8S API server configuration allows http kubelet connections

Risk Level

Informational (4)

Platform(s)
  • N/A

Compliance Frameworks

Description

It was found that the API server allows http kubelet connections. There might be a sensitive data in the communication, which can be stolen if it will not be encrypted.
  • Recommended Mitigation

    It is recommended to set the '--kubelet-https' to true.