1.3.7 Ensure that the --bind-address argument is set to 127.0.0.1
Information
Do not bind the Controller Manager service to non-loopback insecure addresses. The Controller Manager API service which runs on port 10252/TCP by default is used for health and metrics information and is available without authentication or encryption. As such it should only be bound to a localhost interface, to minimize the cluster's attack surface
Solution
Edit the Controller Manager pod specification file /etc/kubernetes/manifests/kube-controller-manager.yaml on the Control Plane node and ensure the correct value for the --bind-address parameter Impact: None