The scheduler API service should not be bound to non-loopback insecure addresses

Set up the kubernetes integration.

Description

The scheduler service should not be bound to non-loopback addresses. The Scheduler API service which runs on port 10251/TCP by default is used for health and metrics information and is available without authentication or encryption. As such, it should only be bound to a localhost interface to minimize the cluster’s attack surface.

Remediation

Edit the Scheduler pod specification file /etc/kubernetes/manifests/kube-scheduler.yaml on the master node and ensure the correct value for the --bind-address parameter. For example, --bind-address=127.0.0.1.