Information
Do not bind to insecure port.
Rationale:
Setting up the apiserver to serve on an insecure port would allow unauthenticated and unencrypted access to your master node. It is assumed that firewall rules are set up such that this port is not reachable from outside of the cluster. But, as a defense in depth measure, you should not use an insecure port.
Solution
Edit the API server pod specification file '/etc/kubernetes/manifests/kube-apiserver.yaml' on the master node and set the below parameter.
--insecure-port=0
Impact:
All components that use the API must connect via the secured port, authenticate themselves, and be authorized to use the API.
This includes:
- kube-controller-manager
- kube-proxy
- kube-scheduler
- kubelets