1.1.7 Ensure that the --secure-port argument is not set to 0

Information

Do not disable the secure port.

Rationale:

The secure port is used to serve https with authentication and authorization. If you disable it, no https traffic is served and all traffic is served unencrypted.

Solution

Edit the API server pod specification file '/etc/kubernetes/manifests/kube-apiserver.yaml' on the master node and either remove the '--secure-port' parameter or set it to a different (non-zero) desired port.

Impact:

You need to set the API Server up with the right TLS certificates.

See Also

https://workbench.cisecurity.org/files/2125

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-8(1), CSCv6|14.2

Plugin: Unix

Control ID: 2d3f3aa2ebb88de666a31d5fd815167a96af3e53311939eef1838e8ac87630cb