Insecure (HTTP) access to Kubernetes API

HIGH
Source
Kube Hunter
ID
KHV006

Insecure (HTTP) access to Kubernetes API

The API Server port is accessible over plain HTTP, and therefore unencrypted and potentially insecured.

Ensure your setup is exposing kube-api only on an HTTPS port.

Do not enable kube-api’s --insecure-port flag in production.