The scheduler API service should not be bound to non-loopback insecure addresses

Documentos > Datadog Security > OOTB Rules > The scheduler API service should not be bound to non-loopback insecure addresses

Set up the kubernetes integration.

This page is not yet available in Spanish. We are working on its translation.
If you have any questions or feedback about our current translation project, feel free to reach out to us!

Description

The scheduler service should not be bound to non-loopback addresses. The Scheduler API service which runs on port 10251/TCP by default is used for health and metrics information and is available without authentication or encryption. As such, it should only be bound to a localhost interface to minimize the cluster’s attack surface.

Remediation

Edit the Scheduler pod specification file /etc/kubernetes/manifests/kube-scheduler.yaml on the master node and ensure the correct value for the --bind-address parameter. For example, --bind-address=127.0.0.1.