Merge pull request #7 from aquasecurity/danielsagi-patch-1

Updated services description
2026-05-13 04:36:58 +00:00 · 2018-08-06 14:18:10 +03:00
parent a190f23560 fcf983ece5
commit 306e2c83f8
1 changed files with 3 additions and 3 deletions
--- a/src/modules/discovery/kubelet.py
+++ b/src/modules/discovery/kubelet.py
@@ -12,12 +12,12 @@ urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

 """ Services """
 class ReadOnlyKubeletEvent(Service, Event):
-    """Could expose endpoints which reveal information about the node/cluster"""
+    """The read-only port on the kubelet serves health probing endpoints, and is relied upon by many kubernetes componenets"""
    def __init__(self):
        Service.__init__(self, name="Kubelet API (readonly)")

 class SecureKubeletEvent(Service, Event):
-    """Could expose endpoints which allow the attacker to access the node"""
+    """The Kubelet is the main component in every Node, all pod operations goes through the kubelet"""
    def __init__(self, cert=False, token=False, anonymous_auth=True, **kwargs):
        self.cert = cert
        self.token = token
@@ -59,4 +59,4 @@ class KubeletDiscovery(Hunter):
        if self.event.port == KubeletPorts.SECURED.value:
            self.get_secure_access()
        elif self.event.port == KubeletPorts.READ_ONLY.value:
-            self.get_read_only_access()
+            self.get_read_only_access()