C-0128 - Ensure that the API Server --secure-port argument is not set to 0





Description of the the issue

The secure port is used to serve https with authentication and authorization. If you disable it, no https traffic is served and all traffic is served unencrypted.

Related resources


What does this control test

Do not disable the secure port.

How to check it manually

Run the following command on the Control Plane node:

ps -ef | grep kube-apiserver

Verify that the --secure-port argument is either not set or is set to an integer value between 1 and 65535.


Edit the API server pod specification file /etc/kubernetes/manifests/kube-apiserver.yaml on the Control Plane node and either remove the --secure-port parameter or set it to a different (non-zero) desired port.

Impact Statement

You need to set the API Server up with the right TLS certificates.

Default Value

By default, port 6443 is used as the secure port.


No example