Network misconfigurations

K8S API server configuration without certificate authority

Risk Level

Informational (4)

  • N/A


It was found that the API server configuration parameter '--kubelet-certificate-authority' is not set. Without it, the API server does not validate the kubelet serving certificate, which makes the connection vulnerable to man-in-the-middle attacks.
  • Recommended Mitigation

    It is recommended to set the '--kubelet-certificate-authority' configuration parameter.
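
One way to audit for this finding, as an added example that is not part of the original finding: a shell check that reads a kube-apiserver static pod manifest and reports whether '--kubelet-certificate-authority' is set to a non-empty value. The function names, sample manifests and kubeadm-style certificate paths are assumptions constructed for illustration.

```shell
# Added example: audit a kube-apiserver manifest for --kubelet-certificate-authority.
# The sample manifests and kubeadm-style paths below are constructed.
FLAG='--kubelet-certificate-authority'

# Prints the CA path and returns 0 if the flag is set; returns 1 if it is missing,
# empty or commented out; returns 2 if the manifest cannot be read.
check_kubelet_ca() {
    manifest=$1
    [ -r "$manifest" ] || return 2
    # Drop YAML comment lines, then match the flag as a list item: "- --flag=value"
    value=$(grep -v '^[[:space:]]*#' "$manifest" |
        sed -n "s/^[[:space:]]*-[[:space:]]*[\"']\{0,1\}${FLAG}=\([^\"'[:space:]]*\).*/\1/p" |
        head -n 1)
    [ -n "$value" ] || return 1
    printf '%s\n' "$value"
}

# Constructed sample manifests, trimmed to the relevant fields.
write_samples() {
    dir=$1
    cat > "$dir/weak.yaml" <<'EOF'
spec:
  containers:
  - command:
    - kube-apiserver
    - --kubelet-client-certificate=/etc/kubernetes/pki/apiserver-kubelet-client.crt
    # - --kubelet-certificate-authority=/etc/kubernetes/pki/ca.crt
EOF
    cat > "$dir/fixed.yaml" <<'EOF'
spec:
  containers:
  - command:
    - kube-apiserver
    - --kubelet-client-certificate=/etc/kubernetes/pki/apiserver-kubelet-client.crt
    - --kubelet-certificate-authority=/etc/kubernetes/pki/ca.crt
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
for m in weak fixed; do
    if ca=$(check_kubelet_ca "$tmp/$m.yaml"); then
        echo "$m: PASS ($FLAG=$ca)"
    else
        echo "$m: FAIL ($FLAG not set)"
    fi
done
rm -rf "$tmp"
```

The CA file passed to the flag must be the one that signed the kubelet serving certificates; if the kubelets serve self-signed certificates, API server connections to them will fail verification once the flag is set.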