Kube-hunter hunts for security weaknesses in Kubernetes clusters
View the Project on GitHub aquasecurity/kube-hunter
The API Server port is accessible over plain HTTP, and therefore unencrypted and potentially insecured.
Ensure your setup is exposing kube-api only on an HTTPS port.
Do not enable kube-api’s --insecure-port flag in production.