On the Control Plane, run the command:
kubectl get pods --all-namespaces
The list returned is every pod running in the cluster. For each pod in a user namespace (any namespace other than the system namespaces kube-system, kube-node-lease and kube-public), run the command:
kubectl get pod podname -o yaml | grep -i port
Note: In the above command, "podname" is the name of the pod. The command must be run against the pod's own namespace: either add "-n namespace-name" to the command, or change the current context's default namespace with:
kubectl config set-context --current --namespace=namespace-name
(Note: "namespace-name" is the name of the namespace the pod runs in.)
Review the ports that are returned for the pod. Only hostPort entries expose a port on the node; containerPort is the port inside the pod's own network namespace, unless the pod runs with hostNetwork: true, in which case every containerPort is also bound on the host.
If any pod in a user namespace exposes a host port in the privileged range (below 1024), this is a finding.
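The per-pod procedure above does not scale past a handful of pods, so the following is an added script (not part of the STIG check text) that performs the same review in one pass: it collects every declared port from all pods with kubectl and jq, then flags user-namespace pods whose host port falls below 1024. It assumes the system namespaces are exactly the three the check names, that jq is installed for the collection step, and it treats containerPort as a host port for pods with hostNetwork: true. The sample TSV at the bottom is constructed for offline testing.

```sh
#!/bin/sh
# Added example, not part of the STIG text. Assumptions: the system namespaces
# are exactly kube-system, kube-node-lease and kube-public; jq is available.

# Live collection (needs cluster access). Emits one TSV line per declared port:
#   namespace <TAB> pod <TAB> container <TAB> host port
# The fourth field is hostPort, or containerPort when the pod uses hostNetwork,
# and is empty when the port is not exposed on the node. Init containers are
# included because "grep -i port" on the pod YAML would show them too.
collect_host_ports() {
    kubectl get pods --all-namespaces -o json | jq -r '
        .items[]
        | .metadata.namespace as $ns | .metadata.name as $pod
        | (.spec.hostNetwork // false) as $hn
        | (.spec.containers + (.spec.initContainers // []))[]
        | .name as $c
        | (.ports // [])[]
        | [$ns, $pod, $c,
           ((if $hn then .containerPort else .hostPort end) // "" | tostring)]
        | @tsv'
}

# Review step. Reads the TSV on stdin, skips the system namespaces, and prints
# one line per user-namespace port in the privileged range 1-1023.
# Exit status 1 when at least one finding was printed, 0 otherwise.
privileged_host_ports() {
    awk -F'\t' '
        $1 == "kube-system" || $1 == "kube-node-lease" || $1 == "kube-public" { next }
        $4 != "" && $4 + 0 > 0 && $4 + 0 < 1024 {
            print $1 "/" $2 " " $3 " hostPort=" $4
            found = 1
        }
        END { exit (found ? 1 : 0) }'
}

# Constructed sample input standing in for collect_host_ports output:
# a system pod with no host port, a user pod on 80 and 9100, a system pod on
# 2379 (ignored), and a user pod on 443.
sample_tsv() {
    printf 'kube-system\tkube-proxy-abc\tkube-proxy\t\n'
    printf 'default\tweb-0\tnginx\t80\n'
    printf 'default\tweb-0\tmetrics\t9100\n'
    printf 'kube-system\tetcd-cp\tetcd\t2379\n'
    printf 'prod\tapi-1\tapi\t443\n'
}

# Against a real cluster: collect_host_ports | privileged_host_ports
# Offline demonstration on the constructed sample:
sample_tsv | privileged_host_ports
```

On a live cluster, pipe collect_host_ports into privileged_host_ports; a non-zero exit status with printed lines corresponds to "this is a finding", which makes the check easy to drop into a scheduled compliance job.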