Best practices

Kubernetes scheduler --bind-address is not set to localhost

Platform(s)
  • Non-platform specific

Compliance Frameworks
  • CCPA
  • CPRA
  • iso_27001_2022
  • iso_27002_2022
  • K8s CIS
  • Mitre ATT&CK
  • NIST 800-171
  • NIST 800-190
  • NIST 800-53
  • PDPA
  • UK Cyber Essentials

Description

It was found that the --bind-address argument in the Scheduler pod specification file is not set to the IP address "127.0.0.1". This argument indicates the IP address with which the Scheduler API service communicates. This service provides health and metrics information without encryption or authentication. Therefore, to minimize the attack surface, it should be bound to a localhost interface.
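
One way to test for this finding, as an added example that is not part of the original page or of any scanner's own code: it reads the list items of a Scheduler pod specification and reports the effective --bind-address, including the case where the flag is missing. The manifest text is constructed and the function names are hypothetical.

```python
import re

# Constructed sample pod specification (not taken from a real cluster).
LOOSE = """\
apiVersion: v1
kind: Pod
metadata:
  name: kube-scheduler
spec:
  containers:
  - name: kube-scheduler
    command:
    - kube-scheduler
    - --kubeconfig=/etc/kubernetes/scheduler.conf
    - --bind-address=0.0.0.0
"""
HARDENED = LOOSE.replace("--bind-address=0.0.0.0", "--bind-address=127.0.0.1")
MISSING = LOOSE.replace("    - --bind-address=0.0.0.0\n", "")


def scheduler_bind_address(manifest_text):
    """Return the effective --bind-address value, or None if the flag is absent."""
    # Collect YAML list items and strip surrounding quotes. Non-flag items
    # such as "name: kube-scheduler" are collected too and simply ignored.
    items = [m.group(1).strip("'\"") for m in
             re.finditer(r"^[ \t]*-[ \t]+(.+?)[ \t]*$", manifest_text, re.M)]
    value = None
    for i, item in enumerate(items):
        if item.startswith("--bind-address="):      # "--flag=value" form
            value = item.split("=", 1)[1].strip("'\"")
        elif item == "--bind-address" and i + 1 < len(items):
            value = items[i + 1]                    # "--flag", "value" form
    return value  # if the flag is repeated, the last occurrence is kept


def check(manifest_text):
    """Return PASS only when the scheduler is bound to 127.0.0.1."""
    value = scheduler_bind_address(manifest_text)
    if value is None:
        # kube-scheduler's documented default for --bind-address is 0.0.0.0
        return "FAIL: --bind-address not set (default is 0.0.0.0)"
    if value != "127.0.0.1":
        return f"FAIL: --bind-address={value}"
    return "PASS"
```

An absent flag is reported as a failure because the scheduler then falls back to its default of listening on all interfaces.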