Kube-hunter hunts for security weaknesses in Kubernetes clusters
View the Project on GitHub aquasecurity/kube-hunter
An attacker could read and write data from a pod via the kubelet’s /portForward endpoint. This endpoint is exposed as part of the kubelet’s debug handlers.
Disable --enable-debugging-handlers kubelet flag.