The Controller Manager API service should be bound to localhost

Documentos > Datadog Security > OOTB Rules > The Controller Manager API service should be bound to localhost

Set up the kubernetes integration.

This page is not yet available in Spanish. We are working on its translation.
If you have any questions or feedback about our current translation project, feel free to reach out to us!

Description

The Controller Manager service should not be bound to a non-loopback address. The Controller Manager API service which runs on port 10252/TCP by default is used for health and metrics information and is available without authentication or encryption.

Remediation

Edit the Controller Manager pod specification file /etc/kubernetes/manifests/kube-controller-manager.yaml on the master node and ensure the correct value for the --bind-address parameter. For example, --bind-address=127.0.0.1.