C-0128 - Ensure that the API Server --secure-port argument is not set to 0
Description of the the issue
The secure port is used to serve https with authentication and authorization. If you disable it, no https traffic is served and all traffic is served unencrypted.
What does this control test
Do not disable the secure port.
How to check it manually
Run the following command on the Control Plane node:
ps -ef | grep kube-apiserver
Verify that the
--secure-port argument is either not set or is set to an integer value between 1 and 65535.
Edit the API server pod specification file
/etc/kubernetes/manifests/kube-apiserver.yaml on the Control Plane node and either remove the
--secure-port parameter or set it to a different (non-zero) desired port.
You need to set the API Server up with the right TLS certificates.
By default, port 6443 is used as the secure port.
Updated 8 days ago