Data at risk

Kubernetes API server publicly accessible

Risk Level

Hazardous (3)

Platform(s)
Compliance Frameworks

Description

The API server of {GcpGkeCluster} is publicly accessible form anywhere on the internet. This leaves the Kubernetes API server exposed to unauthorized access, reconnaissance attempts and potentially 0-day attacks.
  • Recommended Mitigation

    We recommend enabling private access to the Kubernetes API server so that all communication between your nodes and the API server stays within your VPC. You can limit the IP addresses that can access your API server from the internet, or completely disable internet access to the API server.