From the course: Securing Containers and Kubernetes Ecosystem


Securing API server traffic


- [Sam] Authentication and role-based access control enable users and service accounts to communicate with the API Server. But remember, Kubernetes native components also frequently communicate with the API Server. Kubelets, kube-scheduler, kube-proxy, and kube-controller-manager must connect to API Server via a secure port. These clients must also authenticate themselves. Make sure that in the API Server specification file, the insecure-port parameter is set to zero. If you set up an API Server on the default insecure-port 8080, you are allowing attackers unencrypted access to the API Server. The secure-port parameter is used to serve HTTPS traffic. Ensure that its value, if defined, is between one and 65535. In addition, ensure that the insecure-bind-address doesn't exist. API Server should be configured to serve and accept only HTTPS traffic. That will require you to set up TLS, so check out the Kubernetes…
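The three flag checks described in the transcript can be run against the API server's specification file. The following is an added example, not part of the course material: it assumes the flags appear as `- --flag=value` entries in the manifest's command list, the manifest text is a constructed sample, and the function names are hypothetical.

```python
import re

# Constructed sample: command section of a kube-apiserver specification file.
SAMPLE_MANIFEST = """\
spec:
  containers:
  - command:
    - kube-apiserver
    - --insecure-port=8080
    - --insecure-bind-address=0.0.0.0
    - --secure-port=6443
"""

# Matches list entries such as `- --secure-port=6443`, optionally quoted.
FLAG_RE = re.compile(r"""^\s*-\s+["']?--([a-z0-9-]+)(?:=(.*?))?["']?\s*$""")

def parse_flags(manifest_text):
    """Collect `--name=value` entries from the manifest's command list."""
    flags = {}
    for line in manifest_text.splitlines():
        match = FLAG_RE.match(line)
        if match:
            flags[match.group(1)] = match.group(2) or ""
    return flags

def audit_api_server_flags(manifest_text):
    """Return (flag, problem) tuples for the three checks in the transcript."""
    flags = parse_flags(manifest_text)
    findings = []
    # Check 1: insecure-port must be set to zero. Following the transcript,
    # a manifest that does not set the flag at all is reported as well.
    if flags.get("insecure-port") != "0":
        found = flags.get("insecure-port", "not set")
        findings.append(("insecure-port", f"expected 0, found {found}"))
    # Check 2: insecure-bind-address must not exist.
    if "insecure-bind-address" in flags:
        findings.append(("insecure-bind-address", "flag must be removed"))
    # Check 3: secure-port, if defined, must be between 1 and 65535.
    if "secure-port" in flags:
        value = flags["secure-port"]
        if not re.fullmatch(r"[0-9]+", value) or not 1 <= int(value) <= 65535:
            findings.append(("secure-port", f"out of range: {value!r}"))
    return findings

if __name__ == "__main__":
    for flag, problem in audit_api_server_flags(SAMPLE_MANIFEST):
        print(f"FAIL --{flag}: {problem}")
```
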
