Kubernetes API Server Should Be Configured With Restricted Access
Description:
To ensure that only applications from allowed networks, machines, or subnets can access your cluster, restrict access to your Kubernetes API server. You can restrict access by defining authorized IP ranges, or by setting up your API servers as private clusters, as explained in https://docs.microsoft.com/azure/aks/private-clusters.
Solution/Reference:
To manually configure authorized IP ranges, follow the steps in "Secure access to the API server using authorized IP address ranges in Azure Kubernetes Service (AKS)". If your existing cluster uses a Basic SKU Load Balancer, you'll need to redeploy or migrate to a new AKS cluster using the Standard SKU Load Balancer, as explained in "Moving from a basic SKU load balancer to standard SKU". If you decide not to redeploy, and you want to move these clusters to the 'not applicable' tab, follow the steps in "Create an exemption rule".
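
To find which clusters still need this change, the following added example (not part of the original recommendation) audits a cluster inventory for API servers that are neither private nor limited to authorized IP ranges. It assumes the input has the shape of `az aks list -o json` output with the fields `apiServerAccessProfile.enablePrivateCluster` and `apiServerAccessProfile.authorizedIpRanges`. The cluster names are constructed, and the rule that a range broader than /8 counts as unrestricted is an assumption that goes beyond the recommendation text.

```python
import ipaddress
import json

# Constructed sample in the shape of `az aks list -o json` output, trimmed to the
# fields used here. Cluster names are made up; field names are an assumption
# about the CLI output format.
SAMPLE = json.loads("""
[
  {"name": "aks-open", "apiServerAccessProfile": null},
  {"name": "aks-private",
   "apiServerAccessProfile": {"enablePrivateCluster": true, "authorizedIpRanges": null}},
  {"name": "aks-ranged",
   "apiServerAccessProfile": {"enablePrivateCluster": false,
                              "authorizedIpRanges": ["203.0.113.0/24", "198.51.100.7/32"]}},
  {"name": "aks-wide",
   "apiServerAccessProfile": {"enablePrivateCluster": false,
                              "authorizedIpRanges": ["0.0.0.0/0"]}}
]
""")

MIN_PREFIX = 8  # assumption: ranges broader than /8 are treated as unrestricted


def classify(cluster, min_prefix=MIN_PREFIX):
    """Return (status, detail) for one cluster record."""
    profile = cluster.get("apiServerAccessProfile") or {}
    if profile.get("enablePrivateCluster"):
        return "ok", "private cluster"
    ranges = profile.get("authorizedIpRanges") or []
    if not ranges:
        return "unrestricted", "no authorized IP ranges and not private"
    # A bare address (no mask) parses as a /32 network.
    too_wide = [r for r in ranges
                if ipaddress.ip_network(r, strict=False).prefixlen < min_prefix]
    if too_wide:
        return "unrestricted", "overly broad range(s): " + ", ".join(too_wide)
    return "ok", f"{len(ranges)} authorized range(s)"


def audit(clusters):
    """Map cluster name -> (status, detail)."""
    return {c["name"]: classify(c) for c in clusters}


if __name__ == "__main__":
    for name, (status, detail) in audit(SAMPLE).items():
        print(f"{name:12} {status:13} {detail}")
```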