K8S API server configuration tls communication not configured

Best practices

K8S API server configuration tls communication not configured

Risk Level

Hazardous (3)

Platform(s)

Compliance Frameworks

CCPA
CPRA
ISO/IEC 27001
K8s CIS
K8s OWASP Top 10
Mitre ATT&CK
New Zealand Information Security Manual
NIST 800-171
NIST 800-190
NIST 800-53
PDPA
STIG K8s
UK Cyber Essentials

Description

API server communication contains sensitive parameters that should remain encrypted in transit. Configure the API server to serve only HTTPS traffic. Orca has detected that the '--tls-cert-file' or '--tls-private-key-file' are not set to a valid cert and key files.

Recommended Mitigation

It is recommended to set the '--tls-cert-file' and '--tls-private-key-file' parameters in the configuration file to a valid certificate and key files.

K8S API server configuration tls communication not configured

Description

Need help?

CLOUD SECURITY PLATFORM

TECHNOLOGY ECOSYSTEM

By Solution

By Industry

COMPARISONS