1.2.19 Ensure that the --secure-port argument is not set to 0

Information

Do not disable the secure port.

Rationale:

The secure port is used to serve https with authentication and authorization. If you disable it, no https traffic is served and all traffic is served unencrypted.

Impact:

You need to set the API Server up with the right TLS certificates.

Solution

Edit the API server pod specification file /etc/kubernetes/manifests/kube-apiserver.yaml on the master node and either remove the --secure-port parameter or set it to a different (non-zero) desired port.

Default Value:

By default, port 6443 is used as the secure port.

See Also

https://workbench.cisecurity.org/files/3371

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-8(1), CSCv6|14.2, CSCv7|14.4

Plugin: Unix

Control ID: 20af55f704e414ec9655b419fc41b73730d76cda8eb15984f200e27cf1e9bdbf