kubelet - Ensure that the --read-only-port is secured

An XCCDF Rule

Details
Profiles
Prose

Description

Disable the read-only port.

Rationale

The Kubelet process provides a read-only API in addition to the main Kubelet API. Unauthenticated access is provided to this read-only API which could possibly retrieve potentially sensitive information about the cluster.

ID: xccdf_org.ssgproject.content_rule_kubelet_read_only_port_secured_master
Severity: Medium
References: CIP-003-8 R6 CIP-004-6 R3 CIP-007-3 R6.1

CM-6 CM-6(1)
Updated: about 1 year ago