Kube-hunter relies on port numbers for its scan and provides detailed information. Of the many port numbers it scans (8001, 8080, 10250, 10255, 30000, 443, 6443, 2379), one is the read-only port, i.e., 10255, for which the documentation states:
--read-only-port int32 Default: 10255
The read-only port for the kubelet to serve on with no authentication/authorization (set to 0 to disable). (DEPRECATED: This parameter should be set via the config file specified by the Kubelet's --config flag. See https://kubernetes.io/docs/tasks/administer-cluster/kubelet-config-file/ for more information.)
Kube-hunter relies on this port number to provide information pertaining to Privileged Container, Cluster Health Disclosure, etc. If port 10255 is not mentioned in the kube-config file, or is deprecated completely, how would kube-hunter report the vulnerabilities? Is there any alternative way to get the information pertaining to Privileged Container, Cluster Health Disclosure, etc., even if readOnlyPort: 10255 is not mentioned in the kubelet config.yaml file?
Kindly let me know if you require further details.
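The privileged-container condition asked about above can be checked in any pod listing, whichever port or API it comes from. The following is an added example, not part of the original post and not kube-hunter's code. It assumes the input is a v1 PodList JSON document (for instance the output of `kubectl get pods --all-namespaces -o json`); the function name and the sample data are constructed for illustration.

```python
import json

# Constructed sample: a trimmed PodList with three pods (not real cluster data).
SAMPLE_PODLIST = json.dumps({
    "kind": "PodList",
    "items": [
        {"metadata": {"namespace": "kube-system", "name": "kube-proxy-x1"},
         "spec": {"containers": [
             {"name": "kube-proxy", "securityContext": {"privileged": True}}]}},
        {"metadata": {"namespace": "default", "name": "web"},
         "spec": {"containers": [
             {"name": "nginx", "securityContext": {"privileged": False}},
             {"name": "sidecar"}]}},  # no securityContext at all
        {"metadata": {"namespace": "batch", "name": "migrate"},
         "spec": {"initContainers": [
             {"name": "init-sysctl", "securityContext": {"privileged": True}}],
             "containers": [{"name": "job"}]}},
    ],
})

# Every pod spec field that can carry a container securityContext.
CONTAINER_FIELDS = ("containers", "initContainers", "ephemeralContainers")


def find_privileged_containers(podlist_json):
    """Return sorted (namespace, pod, container) tuples for containers
    whose securityContext.privileged is explicitly true."""
    doc = json.loads(podlist_json)
    findings = []
    for pod in doc.get("items") or []:
        meta = pod.get("metadata") or {}
        spec = pod.get("spec") or {}
        for field in CONTAINER_FIELDS:
            for ctr in spec.get(field) or []:
                ctx = ctr.get("securityContext") or {}
                # Absent or false means the container is not privileged.
                if ctx.get("privileged") is True:
                    findings.append((meta.get("namespace", "default"),
                                     meta.get("name", "?"),
                                     ctr.get("name", "?")))
    return sorted(findings)


if __name__ == "__main__":
    for ns, pod, ctr in find_privileged_containers(SAMPLE_PODLIST):
        print(f"privileged: {ns}/{pod} container={ctr}")
```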