The Kube-Scheduler and Kube-Controller Services Exposed on all Interfaces, Risking External Access

Problem

The kube-scheduler and kube-controller-manager services are exposed on all interfaces, potentially allowing unauthorised external access.

# lsof -i:10259
COMMAND     PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
kube-sche 10263 root    3u  IPv6  81585      0t0  TCP *:10259 (LISTEN)
...

# lsof -i:10257
COMMAND     PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
kube-cont 10102 root    3u  IPv6  44921      0t0  TCP *:10257 (LISTEN)
...
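To check a node for the same condition, the script below reads `lsof` listener output and reports ports 10257 and 10259 when they are bound to a wildcard address rather than loopback. It is an added example, not part of the original article or Platform9 tooling; the function name `find_wildcard_listeners` and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag kube-scheduler (10259) and kube-controller-manager
# (10257) listeners that are bound to a wildcard address.

# Constructed sample in `lsof -nP -iTCP -sTCP:LISTEN` format (not real output).
SAMPLE='COMMAND     PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
kube-sche 10263 root    3u  IPv6  81585      0t0  TCP *:10259 (LISTEN)
kube-cont 10102 root    3u  IPv4  44921      0t0  TCP 127.0.0.1:10257 (LISTEN)
kubelet    9001 root   21u  IPv6  30111      0t0  TCP *:10250 (LISTEN)'

# Reads lsof listener lines on stdin; prints "<port> <command> <bind address>"
# for every watched port bound to *, 0.0.0.0 or [::].
# Exit status is 1 if any such listener is found, 0 otherwise.
# Optional $1: space-separated list of ports to watch (hypothetical parameter).
find_wildcard_listeners() {
    awk -v ports="${1:-10257 10259}" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) watch[p[i]] = 1 }
        $NF != "(LISTEN)" { next }          # skip header and non-listening sockets
        {
            name = $(NF - 1)                # e.g. *:10259 or [::1]:10257
            port = name; sub(/^.*:/, "", port)
            addr = name; sub(/:[0-9]+$/, "", addr)
            if (!(port in watch)) next
            if (addr == "*" || addr == "0.0.0.0" || addr == "[::]") {
                print port, $1, addr
                found = 1
            }
        }
        END { exit (found ? 1 : 0) }
    '
}

# Demo on the constructed sample. On a node, pipe real output instead:
#   lsof -nP -iTCP -sTCP:LISTEN | find_wildcard_listeners
printf '%s\n' "$SAMPLE" | find_wildcard_listeners || echo "wildcard bind found"
```

A listener on `127.0.0.1` or `[::1]` is not reported, so the same check can be rerun after an upgrade to confirm the ports are no longer bound to all interfaces.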

Environment

  • Platform9 Managed Kubernetes - PMK 5.9.3-38

  • Kubernetes version: 1.28.6-pmk.121

Resolution

This issue has been fixed in the PMK 5.12 release.

Additional Information

The Platform9 Jira ID used to track this issue is PMK-6596. For further details, contact Platform9 support.
