KHV034 - Etcd is accessible using insecure connection (HTTP)

Issue description

The etcd server (Kubernetes database) port is accessible over plain HTTP, and therefore unencrypted and potentially insecured.

Remediation

Ensure your setup is exposing etcd only on an HTTPS port by using the etcd flags --key-file and --cert-file.

References

• etcd - Transport security model
• Operating etcd clusters for Kubernetes - Securing etcd clusters