Data at risk

Kubernetes API server publicly accessible

Description

The API server of {GcpGkeCluster} is publicly accessible from anywhere on the internet. This leaves the Kubernetes API server exposed to unauthorized access, reconnaissance attempts and potentially 0-day attacks.
  • Recommended Mitigation

    We recommend enabling private access to the Kubernetes API server so that all communication between your nodes and the API server stays within your VPC. You can limit the IP addresses that can access your API server from the internet, or completely disable internet access to the API server.