Data at risk

Kubernetes API server publicly accessible

Risk Level

Hazardous (3)

Platform(s)
Compliance Frameworks

Description

The API server of {GcpGkeCluster} is publicly accessible from anywhere on the internet. This leaves the Kubernetes API server exposed to unauthorized access, reconnaissance attempts and potentially 0-day attacks.

  • Recommended Mitigation

    We recommend enabling private access to the Kubernetes API server so that all communication between your nodes and the API server stays within your VPC. You can limit the IP addresses that can access your API server from the internet, or completely disable internet access to the API server.

Need help?

Get a free Security Risk Assessment. Start today

See Orca in action See Orca in action-> View a 10 minute recorded demo or sign up for a personalized one-on-one walk-through.