api-server — API Server
28 findings in the API Server component
V-242378 The Kubernetes API Server must use TLS 1.2, at a minimum, to protect the confidentiality of sensitive data during electronic dissemination.
V-242382 The Kubernetes API Server must enable Node,RBAC as the authorization mode.
V-242386 The Kubernetes API server must have the insecure port flag disabled.
V-242388 The Kubernetes API server must have the insecure bind address not set.
V-242389 The Kubernetes API server must have the secure port set.
V-242390 The Kubernetes API server must have anonymous authentication disabled.
V-242400 The Kubernetes API server must have Alpha APIs disabled.
V-242402 The Kubernetes API Server must have an audit log path set.
V-242403 Kubernetes API Server must generate audit records that identify what type of event has occurred, identify the source of the event, contain the event results, identify any users, and identify any containers associated with the event.
V-242410 The Kubernetes API Server must enforce ports, protocols, and services (PPS) that adhere to the Ports, Protocols, and Services Management Category Assurance List (PPSM CAL).
V-242413 The Kubernetes etcd must enforce ports, protocols, and services (PPS) that adhere to the Ports, Protocols, and Services Management Category Assurance List (PPSM CAL).
V-242418 The Kubernetes API server must use approved cipher suites.
V-242419 Kubernetes API Server must have the SSL Certificate Authority set.
V-242422 Kubernetes API Server must have a certificate for communication.
V-242429 Kubernetes etcd must have the SSL Certificate Authority set.
V-242430 Kubernetes etcd must have a certificate for communication.
V-242431 Kubernetes etcd must have a key file for secure communication.
V-242436 The Kubernetes API server must have the ValidatingAdmissionWebhook enabled.
V-242438 Kubernetes API Server must configure timeouts to limit attack surface.
V-242461 Kubernetes API Server audit logs must be enabled.
V-242462 The Kubernetes API Server must be set to audit log max size.
V-242463 The Kubernetes API Server must be set to audit log maximum backup.
V-242464 The Kubernetes API Server audit log retention must be set.
V-242465 The Kubernetes API Server audit log path must be set.
V-245542 Kubernetes API Server must disable basic authentication to protect information in transit.
V-245543 Kubernetes API Server must disable token authentication to protect information in transit.
V-245544 Kubernetes endpoints must use approved organizational certificate and key pair to protect information in transit.
V-254800 Kubernetes must have a Pod Security Admission control file configured.