Kubernetes clusters should be accessible only over HTTPS

HIGH

Ensures Kubernetes API server and ingress endpoints are only accessible over HTTPS with TLS encryption.

What does this mean?

This recommendation ensures that all communication with Kubernetes clusters uses HTTPS. Unencrypted HTTP traffic can be intercepted, exposing sensitive data such as credentials and API tokens.
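One way to check Ingress manifests against this recommendation, added here as an example and not taken from this page or from any policy engine. It assumes the `kubernetes.io/ingress.allow-http` annotation convention (ingress controllers differ in whether they honour it); the sample manifests and function names are constructed for illustration.

```python
import json

# Assumed annotation convention; confirm what your ingress controller honours.
ALLOW_HTTP = "kubernetes.io/ingress.allow-http"

# Constructed sample manifests (not from any real cluster).
SAMPLE = json.loads("""[
 {"kind": "Ingress", "metadata": {"name": "shop",
    "annotations": {"kubernetes.io/ingress.allow-http": "false"}},
  "spec": {"tls": [{"hosts": ["shop.example.test"], "secretName": "shop-tls"}],
           "rules": [{"host": "shop.example.test"}]}},
 {"kind": "Ingress", "metadata": {"name": "legacy"},
  "spec": {"rules": [{"host": "legacy.example.test"}]}},
 {"kind": "Ingress", "metadata": {"name": "mixed",
    "annotations": {"kubernetes.io/ingress.allow-http": "false"}},
  "spec": {"tls": [{"hosts": ["*.example.test"], "secretName": "wild-tls"}],
           "rules": [{"host": "api.example.test"}, {"host": "admin.internal.test"}]}}
]""")

def covered(host, tls_hosts):
    """True if host equals a TLS host or matches a single-label wildcard."""
    for pattern in tls_hosts:
        if pattern == host:
            return True
        if pattern.startswith("*.") and "." in host and host.split(".", 1)[1] == pattern[2:]:
            return True
    return False

def https_findings(ingress):
    """Return the reasons this Ingress may still be served over plain HTTP."""
    findings = []
    spec = ingress.get("spec") or {}
    annotations = (ingress.get("metadata") or {}).get("annotations") or {}
    tls = spec.get("tls") or []
    tls_hosts = [h for entry in tls for h in entry.get("hosts") or []]
    if not tls:
        findings.append("no spec.tls section")
    if annotations.get(ALLOW_HTTP) != "false":
        findings.append(f'{ALLOW_HTTP} is not "false"')
    for rule in spec.get("rules") or []:
        host = rule.get("host")
        # A tls entry without hosts falls back to the controller default, so skip it.
        if host and tls_hosts and not covered(host, tls_hosts):
            findings.append(f"host {host} not covered by any tls entry")
    return findings

def audit(manifests):
    """Map each Ingress name to its list of findings (empty list means compliant)."""
    return {m["metadata"]["name"]: https_findings(m)
            for m in manifests if m.get("kind") == "Ingress"}
```

Calling `audit(SAMPLE)` returns an empty list for `shop` and one or more findings for `legacy` and `mixed`.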

Benefits of implementation

  • Protects data in transit from eavesdropping
  • Prevents credential theft through man-in-the-middle attacks
  • Required by CIS Kubernetes Benchmark

Drawbacks and considerations

  • Requires TLS certificate management
  • May require updating existing ingress configurations
  • Self-signed certificates can cause issues with automated tooling

Implementation

Implementation guidance coming soon.

Details

  • Risk Level: HIGH
  • Category: Kubernetes / AKS
  • Frameworks: 3 frameworks
  • Last updated: 2026-02-12