The Kubernetes API server is the core of the control plane, responsible for managing the state of objects like pods, namespaces, ConfigMaps, and events. If left unsecured, unauthorized users could gain access to the API, allowing them to manipulate the cluster and its resources. This would expose the cluster to serious risks, such as privilege escalation, data breaches, or complete system compromise.
Allowing anonymous access, or exposing the API server on an insecure (unauthenticated) port or bind address, lets attackers bypass authentication and gain admin-level control of the cluster. Such misconfigurations can lead to unauthorized access to critical cluster functions and, ultimately, a breach.
To mitigate these risks, securing API server access is critical.
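As an added example (not part of the original page), the check below audits the `command:` flags of a kube-apiserver static pod manifest for the two weaknesses discussed above: anonymous authentication left at its default of enabled, and an insecure listener (`--insecure-port` / `--insecure-bind-address`, flags that were removed in Kubernetes v1.24). The two manifests are constructed samples modelled on the file kubeadm writes.

```python
"""Audit kube-apiserver flags for anonymous access and insecure listeners."""
import re

# Constructed samples (command section only), modelled on
# /etc/kubernetes/manifests/kube-apiserver.yaml as written by kubeadm.
WEAK_MANIFEST = """\
spec:
  containers:
  - command:
    - kube-apiserver
    - --anonymous-auth=true
    - --insecure-port=8080
    - --insecure-bind-address=0.0.0.0
    - --bind-address=0.0.0.0
"""
HARDENED_MANIFEST = """\
spec:
  containers:
  - command:
    - kube-apiserver
    - --anonymous-auth=false
    - --bind-address=0.0.0.0
    - --secure-port=6443
"""

FLAG_RE = re.compile(r"^\s*-\s+--([\w-]+)=(\S*)\s*$", re.MULTILINE)


def parse_flags(manifest: str) -> dict:
    """Return {flag: value} for every '- --flag=value' line in the manifest."""
    return dict(FLAG_RE.findall(manifest))


def audit_apiserver_flags(flags: dict, legacy_insecure_port: bool = False) -> list:
    """Return a list of findings. Pass legacy_insecure_port=True when auditing
    a release older than v1.24, where --insecure-port still existed and
    defaulted to 8080; on newer releases the flag is gone and an absent flag
    means no insecure listener."""
    findings = []
    # kube-apiserver defaults --anonymous-auth to true, so an absent flag counts.
    if flags.get("anonymous-auth", "true") == "true":
        findings.append("anonymous-auth: unauthenticated requests reach the API "
                        "(default is true); set --anonymous-auth=false")
    port = flags.get("insecure-port", "8080" if legacy_insecure_port else "0")
    if port != "0":
        addr = flags.get("insecure-bind-address", "127.0.0.1")  # old default
        findings.append(f"insecure listener on {addr}:{port}: plaintext and "
                        "skips authentication; set --insecure-port=0")
    return findings


if __name__ == "__main__":
    for name, manifest in (("weak", WEAK_MANIFEST), ("hardened", HARDENED_MANIFEST)):
        print(name, audit_apiserver_flags(parse_flags(manifest)) or ["no findings"])
```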