The scheduler API service should not be bound to non-loopback insecure addresses

Documentos > Datadog Security > OOTB Rules > The scheduler API service should not be bound to non-loopback insecure addresses

Set up the kubernetes integration.

Esta página aún no está disponible en español. Estamos trabajando en su traducción.
Si tienes alguna pregunta o comentario sobre nuestro actual proyecto de traducción, no dudes en ponerte en contacto con nosotros.

Description

The scheduler service should not be bound to non-loopback addresses. The Scheduler API service which runs on port 10251/TCP by default is used for health and metrics information and is available without authentication or encryption. As such, it should only be bound to a localhost interface to minimize the cluster’s attack surface.

Remediation

Edit the Scheduler pod specification file /etc/kubernetes/manifests/kube-scheduler.yaml on the master node and ensure the correct value for the --bind-address parameter. For example, --bind-address=127.0.0.1.