1.2.20 Ensure that the --secure-port argument is not set to 0

Information

Do not disable the secure port.

Rationale:

The secure port is used to serve HTTPS with authentication and authorization. If you disable it, no HTTPS traffic is served and all traffic is served unencrypted.

Impact:

You need to set the API Server up with the right TLS certificates.

Solution

Edit the API server pod specification file /etc/kubernetes/manifests/kube-apiserver.yaml on the master node and either remove the --secure-port parameter or set it to a different (non-zero) desired port.
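
One way to audit a manifest for this setting, as an added example that is not part of the benchmark text. The function name check_secure_port, its return codes and the sample manifests are assumptions constructed for illustration; on a real node, pass it the manifest path given above.

```shell
#!/bin/sh
# Added example (not from the benchmark): audit check for item 1.2.20.
# check_secure_port MANIFEST   (hypothetical helper name)
#   0 = pass: --secure-port absent (default 6443 applies) or non-zero
#   1 = fail: a --secure-port value of 0 is present
#   2 = manifest cannot be read
check_secure_port() {
    manifest=$1
    if [ ! -r "$manifest" ]; then
        echo "ERROR: cannot read $manifest" >&2
        return 2
    fi
    # Skip YAML comment lines, strip quotes, then extract each value given
    # as --secure-port=N or --secure-port N.
    values=$(grep -v '^[[:space:]]*#' "$manifest" | tr -d "\"'" |
        sed -n 's/.*--secure-port[= ]\([0-9][0-9]*\).*/\1/p')
    # Conservative: fail if any occurrence is zero, even when repeated.
    for v in $values; do
        if [ "$v" -eq 0 ]; then
            echo "FAIL: $manifest sets --secure-port=$v"
            return 1
        fi
    done
    echo "PASS: $manifest (--secure-port: ${values:-not set, default 6443})"
    return 0
}

# Constructed sample manifest fragments, written to a temp dir for a demo run.
demo() {
    dir=$(mktemp -d)
    printf '%s\n' 'spec:' '  containers:' '  - command:' '    - kube-apiserver' \
        '    - --secure-port=0' > "$dir/disabled.yaml"
    printf '%s\n' 'spec:' '  containers:' '  - command:' '    - kube-apiserver' \
        '    # - --secure-port=0' '    - --secure-port=6443' > "$dir/ok.yaml"
    check_secure_port "$dir/disabled.yaml" || true   # expected to FAIL
    check_secure_port "$dir/ok.yaml"                 # commented-out 0 is ignored
    rm -rf "$dir"
}
demo
```

The check reads only the static pod manifest, so it reports what the kubelet will start on the next restart, not necessarily the flags of the process currently running.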

Default Value:

By default, port 6443 is used as the secure port.

See Also

https://workbench.cisecurity.org/files/2968

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-8, CSCv6|14.2, CSCv7|14.4

Plugin: Unix

Control ID: 3c126cbfc0c486e41dce48053b2b81a4e05c71aeac282d4ebe44a4c052d6bd98