Best practices

K8S API server configuration tls communication not configured

Risk Level

Hazardous (3)

Platform(s)
  • N/A

Compliance Frameworks

Description

API server communication contains sensitive parameters that should remain encrypted in transit. Configure the API server to serve only HTTPS traffic. Orca has detected that the '--tls-cert-file' or '--tls-private-key-file' are not set to a valid cert and key files.
  • Recommended Mitigation

    It is recommended to set the '--tls-cert-file' and '--tls-private-key-file' parameters in the configuration file to a valid certificate and key files.