Workload misconfigurations

Kubernetes node’s kubelet read-only-port is enabled

Risk Level

Informational (4)

Platform(s)
  • N/A

Compliance Frameworks

Description

The kubelet reads various parameters, including security settings, from a config file. The Kubelet process provides a read-only API in addition to the main Kubelet API. Unauthenticated access is provided to this read-only API which could possibly retrieve potentially sensitive information about the cluster. Orca has detected that the readOnlyPort is not turned off (has a value different than 0) on {K8sNode.Vm}.
  • Recommended Mitigation

    Set {K8sNode}'s Kubelet's readOnlyPort to 0 (disabled).