Run Kubescape with host sensor (see here)
Disabling public IP addresses on cluster nodes restricts access to only internal networks, forcing attackers to obtain local network access before attempting to compromise the underlying Kubernetes hosts.
Disable public IP addresses for cluster nodes, so that they only have private IP addresses. Private Nodes are nodes with no public IP addresses.
az aks create \ --resource-group <private-cluster-resource-group> \ --name <private-cluster-name> \ --load-balancer-sku standard \ --enable-private-cluster \ --network-plugin azure \ --vnet-subnet-id <subnet-id> \ --docker-bridge-address \ --dns-service-ip \ --service-cidr
--enable-private-cluster is a mandatory flag for a private cluster.
To enable Private Nodes, the cluster has to also be configured with a private master IP range and IP Aliasing enabled.
Private Nodes do not have outbound access to the public internet. If you want to provide outbound Internet access for your private nodes, you can use Cloud NAT or you can manage your own NAT gateway.
Updated 6 days ago