1.1.6 Ensure that the --insecure-port argument is set to 0

Information

Do not bind to insecure port.

Rationale:

Setting up the apiserver to serve on an insecure port would allow unauthenticated and unencrypted access to your master node. This would allow attackers who could access this port, to easily take control of the cluster.

Solution

Edit the API server pod specification file '/etc/kubernetes/manifests/kube-apiserver.yaml' on the master node and set the below parameter.

--insecure-port=0

See Also

https://workbench.cisecurity.org/files/2421

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-4, CSCv6|9.1, CSCv7|9.2

Plugin: Unix

Control ID: 9a6ccb5486bcc4151e4020fbb6f892dfab06de38d37af0286523d34e09bc59a1