1.2.16 Ensure that the --insecure-bind-address argument is not set - openshift-kube-apiserver

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version


Do not bind the insecure API service.


If you bind the apiserver to an insecure address, basically anyone who could connect to it over the insecure port, would have unauthenticated and unencrypted access to your master node. The apiserver doesn't do any authentication checking for insecure binds and traffic to the Insecure API port is not encrypted, allowing attackers to potentially read sensitive data in transit.


Connections to the API server will require valid authentication credentials.



Default Value:

By default, the openshift-kube-apiserver is served over HTTPS with authentication and authorization; the secure API endpoint is bound to Note that the openshift-apiserver is not running in the host network namespace. The port is not exposed on the node, but only through the pod network.

See Also