Kubelet HTTPS Set To False
- Query id: cdc8b54e-6b16-4538-a1b0-35849dbe29cf
- Query name: Kubelet HTTPS Set To False
- Platform: Kubernetes
- Severity: High
- Category: Networking and Firewall
- URL: Github
Description¶
When using kube-apiserver command, the '--kubelet-https' flag should not be set to false
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - yaml file
apiVersion: v1
kind: Pod
metadata:
name: command-demo
labels:
purpose: demonstrate-command
spec:
containers:
- name: command-demo-container
image: gcr.io/google_containers/kube-apiserver-amd64:v1.6.0
command: ["kube-apiserver"]
args: ["--kubelet-https=false"]
restartPolicy: OnFailure
Code samples without security vulnerabilities¶
Negative test num. 1 - yaml file
apiVersion: v1
kind: Pod
metadata:
name: command-demo
labels:
purpose: demonstrate-command
spec:
containers:
- name: command-demo-container
image: gcr.io/google_containers/kube-apiserver-amd64:v1.6.0
command: ["kube-apiserver"]
restartPolicy: OnFailure
Negative test num. 2 - yaml file
apiVersion: v1
kind: Pod
metadata:
name: command-demo
labels:
purpose: demonstrate-command
spec:
containers:
- name: command-demo-container
image: gcr.io/google_containers/kube-apiserver-amd64:v1.6.0
command: ["kube-apiserver"]
args: ["--kubelet-https=true"]
restartPolicy: OnFailure