Best practices

Kubernetes Controller Manager --bind-address is not set to localhost

Risk Level

Informational (4)

Platform(s)
  • N/A

Compliance Frameworks

Description

It was found that the --bind-address argument in the Controller Manager configuration file is not set to the IP address "127.0.0.1". This argument indicates the IP address on which the Controller Manager API service communicates. This service provides health and metrics information without encryption or authentication. Therefore, to minimize the attack surface, it should be bound to the localhost interface.
Recommended Mitigation

It is recommended to edit the Controller Manager configuration file on the master node and set the --bind-address argument to "127.0.0.1".
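
One way to audit the setting before and after the change, as an added example that is not part of the original finding. It assumes the flag is written as `--bind-address=VALUE` in the component's command list; the function name `check_bind_address` and the sample manifest are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a Controller Manager configuration file for --bind-address.
# Assumption: the flag appears as "--bind-address=VALUE" on its own list item.

# Prints a verdict and returns 0 if bound to 127.0.0.1, 1 if bound to another
# address, 2 if the flag is absent (both non-zero cases match the finding).
check_bind_address() {
    # Drop commented-out lines, extract the flag value, keep the last
    # occurrence, and strip optional single quotes around the list item.
    value=$(sed -n -e '/^[[:space:]]*#/d' \
                -e 's/.*--bind-address=\([^[:space:]"]*\).*/\1/p' "$1" \
            | tail -n 1 | tr -d "'")
    case "$value" in
        127.0.0.1) echo "PASS: --bind-address=127.0.0.1"; return 0 ;;
        "")        echo "FAIL: --bind-address is not set"; return 2 ;;
        *)         echo "FAIL: --bind-address=$value"; return 1 ;;
    esac
}

# Constructed sample manifest (hypothetical content), written to a temp file.
# The commented-out line must not count as the effective setting.
sample=$(mktemp)
cat > "$sample" <<'EOF'
apiVersion: v1
kind: Pod
metadata:
  name: kube-controller-manager
spec:
  containers:
  - command:
    - kube-controller-manager
    # - --bind-address=127.0.0.1
    - --bind-address=0.0.0.0
    - --leader-elect=true
    name: kube-controller-manager
EOF

check_bind_address "$sample" || echo "Remediate: set --bind-address=127.0.0.1"
rm -f "$sample"
```

Run the function against the actual configuration file on the master node; a non-zero return means the recommended mitigation still applies.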