kubeadm serves kube-scheduler and kube-controller metrics insecurely #2202
Labels
area/ecosystem
area/security
priority/important-longterm
Important over the long term, but may not be staffed and/or may need multiple releases to complete.
Milestone
kubeadm serves kube-scheduler and kube-controller manager metrics insecurely outside of localhost, as reported here:
https://kubernetes.slack.com/archives/C2P1JHS2E/p1593237397449300
i need to double check this myself, but it feels like our --bind-address=127.0.0.1 is not sufficient to disable that.
for example:
curl http://public-ip:10252/metrics
flag refs:
https://kubernetes.io/docs/reference/command-line-tools-reference/kube-controller-manager/
https://kubernetes.io/docs/reference/command-line-tools-reference/kube-scheduler/
The text was updated successfully, but these errors were encountered: