1.2.18 Ensure that the --secure-port argument is not set to 0 - KubeApiServers

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version


Do not disable the secure port.


The secure port is used to serve https with authentication and authorization. If you disable it, no https traffic is served and all traffic is served unencrypted.


You need to set the API Server up with the right TLS certificates.



Default Value:

By default, the openshift-kube-apiserver is served over HTTPS with authentication and authorization; the secure API endpoint is bound to Note that the openshift-apiserver is not running in the host network namespace. The port is not exposed on the node, but only through the pod network.

The OpenShift platform manages the TLS certificates for the API servers. External access is only available through the load balancer and then through the internal service.

See Also