Scenario #284
Security
Kubernetes v1.20, Bare Metal

Kubelet Port Exposed on Public Interface

The Kubelet API on port 10250 was accidentally reachable from the public internet and accepted requests without authentication, exposing pod logs and metrics to anyone who found the port.

What Happened

A network misconfiguration left the Kubelet API reachable from the internet, and the Kubelet itself accepted requests without authentication. Attackers read pod logs and used the /exec endpoint, which runs commands inside a running container.

Diagnosis Steps
  1. Scanned the node's ports from outside the network using nmap.
  2. Found port 10250 open to the internet and answering Kubelet API requests with no authentication (anonymous access allowed).
  3. Confirmed that pod logs and metrics could be read externally without any credentials.
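The diagnosis steps above, and the "audit node ports regularly" advice under How to Avoid, as a script added here for illustration (it is not part of the original scenario). The node address 203.0.113.10 is a placeholder, and the endpoint list and the status-code mapping are my own choices. It reproduces the check: discover the port with nmap, then ask the Kubelet's read endpoints for data with no credentials and treat a 200 as proof that anonymous access is on.

```shell
#!/usr/bin/env bash
# Added example, not part of the original scenario: probe a node from the
# outside for an unauthenticated Kubelet API on port 10250.
# Usage: ./probe_kubelet.sh 203.0.113.10   (placeholder node address)

# Turn an HTTP status from a Kubelet endpoint into a verdict. A 200 on a
# read endpoint sent with no credentials means anonymous access is allowed.
classify_status() {
  case "$1" in
    200)     echo "OPEN: unauthenticated access" ;;
    401|403) echo "auth required (expected)" ;;
    000)     echo "unreachable or TLS handshake failed" ;;
    *)       echo "unexpected status $1" ;;
  esac
}

# Request one path on the Kubelet's HTTPS port and print only the status.
# -k: the Kubelet serving certificate is usually self-signed.
# --max-time: a filtered port must not hang the scan (curl then prints 000).
probe_path() {
  local host=$1 path=$2
  curl -sk --max-time 5 -o /dev/null -w '%{http_code}' \
    "https://${host}:10250${path}" || true
}

# Read endpoints an attacker tries first: the pod list (names, images,
# environment variables), node and container metrics, and the host log tree.
# /exec is not probed here because it needs a SPDY/WebSocket upgrade and a
# namespace/pod/container path; if /pods answers without credentials,
# /exec almost certainly does as well.
probe_kubelet() {
  local host=$1 path status
  for path in /pods /metrics /runningpods/ /logs/; do
    status=$(probe_path "$host" "$path")
    printf '%-14s %s  %s\n' "$path" "$status" "$(classify_status "$status")"
  done
}

if [ "$#" -gt 0 ]; then
  # Port discovery first (10255 is the legacy unauthenticated read-only port),
  # then the per-endpoint check.
  nmap -Pn -p 10250,10255 "$1"
  probe_kubelet "$1"
fi
```

Run it from a host outside the cluster network, since that is the vantage point the attacker had; a result of 200 on /pods from there is the finding, and 401 or 403 is the expected answer from a hardened Kubelet.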
Root Cause

The Kubelet accepted API requests without authentication or authorization (anonymous access allowed, every request permitted), and no firewall rule limited who could reach port 10250.

Fix/Workaround
• Enabled Kubelet authentication and authorization, so anonymous requests are rejected and every request is authorized before the Kubelet serves it.
• Restricted access to port 10250 with host firewall rules and node security groups, so only the API server and in-cluster monitoring can reach it.
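The authentication and authorization fix, as an added audit script that is not part of the original scenario. It checks a KubeletConfiguration file for the weak settings that produce this exposure; the two sample configurations are constructed for the demo, the weak one showing the pre-fix state and the hardened one the fixed state, and the path /var/lib/kubelet/config.yaml is assumed (kubeadm layout).

```shell
#!/usr/bin/env bash
# Added example, not part of the original scenario: audit a KubeletConfiguration
# for the settings behind this exposure. Both sample configs below are
# constructed for the demo; on a node you point the function at the real file
# (commonly /var/lib/kubelet/config.yaml, assumed kubeadm layout).

# Print one line per weak setting; return 1 if any was found, 0 otherwise.
audit_kubelet_config() {
  local cfg=$1 bad=0
  if grep -A1 -E '^[[:space:]]*anonymous:' "$cfg" | grep -qE 'enabled:[[:space:]]*true'; then
    echo "WEAK  authentication.anonymous.enabled=true: every caller is system:anonymous"; bad=1
  fi
  if grep -A1 -E '^[[:space:]]*webhook:' "$cfg" | grep -qE 'enabled:[[:space:]]*false'; then
    echo "WEAK  authentication.webhook.enabled=false: bearer tokens are not checked with the API server"; bad=1
  fi
  if ! grep -qE '^[[:space:]]*clientCAFile:[[:space:]]*/' "$cfg"; then
    echo "WEAK  authentication.x509.clientCAFile unset: client certificates cannot be verified"; bad=1
  fi
  if grep -qE '^[[:space:]]*mode:[[:space:]]*AlwaysAllow' "$cfg"; then
    echo "WEAK  authorization.mode=AlwaysAllow: no authorization check on any request"; bad=1
  fi
  if grep -qE '^[[:space:]]*readOnlyPort:[[:space:]]*[1-9]' "$cfg"; then
    echo "WEAK  readOnlyPort enabled: an unauthenticated plain-HTTP API (usually 10255) is served"; bad=1
  fi
  return "$bad"
}

WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT

# Constructed: the pre-fix configuration that made the scenario possible.
cat > "$WORK/weak.yaml" <<'EOF'
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
authentication:
  anonymous:
    enabled: true
  webhook:
    enabled: false
  x509:
    clientCAFile: ""
authorization:
  mode: AlwaysAllow
readOnlyPort: 10255
EOF

# Constructed: the hardened configuration after the fix. The CA path is the
# one kubeadm uses and is assumed here.
cat > "$WORK/hardened.yaml" <<'EOF'
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
authentication:
  anonymous:
    enabled: false
  webhook:
    enabled: true
  x509:
    clientCAFile: /etc/kubernetes/pki/ca.crt
authorization:
  mode: Webhook
readOnlyPort: 0
EOF

for f in weak hardened; do
  echo "== $f.yaml"
  if audit_kubelet_config "$WORK/$f.yaml"; then
    echo "OK    no weak settings found"
  fi
done
```

Two caveats when using this on a real node: Kubelet command-line flags such as --anonymous-auth or --read-only-port take precedence over the file and are not seen by this check, so inspect the kubelet unit's arguments too; and after changing the file the Kubelet must be restarted, then re-probed from outside to confirm /pods now returns 401 or 403.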
Lessons Learned

Never expose cluster-internal components to the public internet. The Kubelet API is meant to be reached only by the API server and in-cluster monitoring, and an open 10250 gives an attacker pod logs, environment data and, through /exec, command execution in containers.

How to Avoid
  1. Audit node ports regularly from outside the cluster network, so an exposed 10250 is found before an attacker finds it.
  2. Harden the Kubelet with authentication and authorization (anonymous access disabled, client certificates or webhook token checks, authorization mode Webhook) and TLS.