Best practices

K8S API server configuration allows profiling

Risk Level

Informational (4)

Platform(s)
  • N/A

Compliance Frameworks

Description

It was found that the API server allows profiling. Profiling feature generates data to identify bottlenecks. This data can be used by attackers so unless there are bottlenecks it should not be turned on.
  • Recommended Mitigation

    It is recommended to set the '--profiling' parameter in the configuration file to false.