The debugging endpoint debug pprof is exposed over the unauthenticated Kubelet healthz port
search cancel

The debugging endpoint debug pprof is exposed over the unauthenticated Kubelet healthz port

book

Article ID: 403377

calendar_today

Updated On:

Products

VMware vSphere ESXi

Issue/Introduction

  • The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port

  • Able to access:2379/debug/pprof/heap?debug=1 

Environment

8.0u3

Cause

The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. 

Resolution

This is expected behavior, tied to the Kubernetes Kubelet’s read-only port exposure. Etcd exposes debug endpoints by default. Certificate-based client authentication is present as validated in /etc/kubernetes/manifests/etcd.yaml, confirming that unauthorized access would not be permitted without proper credentials.

Powered by Wolken Software