Workload misconfigurations

Kubernetes node’s kubelet read-only-port is enabled

Description

The kubelet reads various parameters, including security settings, from a config file. The Kubelet process provides a read-only API in addition to the main Kubelet API. Unauthenticated access is provided to this read-only API which could possibly retrieve potentially sensitive information about the cluster. Orca has detected that the readOnlyPort is not turned off (has a value different than 0) on {K8sNode.Vm}.