TCP 10255
Synopsis
- TCP port 10255 is commonly used by Kubernetes’ kubelet as its read-only HTTP port.
- In many Kubernetes versions prior to v1.20 (including default nodes in older AKS/EKS/GKE setups), kubelet exposed unauthenticated endpoints on 10255 such as /metrics, /metrics/cadvisor, /healthz, and /pods.
- Prometheus deployments often scraped kubelet and cAdvisor metrics via port 10255 in those environments.
- cAdvisor (integrated into kubelet) exposed container and node metrics over this port, which operations teams used for monitoring.
- This port has been abused in the wild: threat actors like TeamTNT and Kinsing have scanned for exposed kubelet 10255 endpoints for reconnaissance and to aid further compromise (especially alongside misconfigured kubelet 10250 or Docker APIs).
- Kubernetes disabled the kubelet read-only port by default starting in v1.20, so many modern clusters no longer expose TCP 10255.
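An added example (not part of the original page) showing how a defender could audit a node for an explicitly enabled read-only port. It assumes the kubelet's `--read-only-port` flag and the `readOnlyPort` field of a KubeletConfiguration file, with the flag taking precedence over the file; the function names, sample command line and sample config are constructed for illustration.

```python
import re

RO_FLAG = "--read-only-port"
# Matches an uncommented readOnlyPort key in YAML or JSON config text.
RO_KEY = re.compile(r'^[ \t]*"?readOnlyPort"?\s*:\s*(\d+)', re.MULTILINE)

def flag_value(argv):
    """Return the last --read-only-port value on a kubelet command line, or None."""
    value = None
    for i, arg in enumerate(argv):
        if arg.startswith(RO_FLAG + "="):
            value = arg.split("=", 1)[1]
        elif arg == RO_FLAG and i + 1 < len(argv):
            value = argv[i + 1]
    return int(value) if value is not None and value.isdigit() else None

def config_value(config_text):
    """Return readOnlyPort from KubeletConfiguration text, or None if unset."""
    match = RO_KEY.search(config_text or "")
    return int(match.group(1)) if match else None

def audit(argv, config_text=""):
    """Report the explicit read-only port setting and where it came from.

    The flag overrides the config file. If neither sets the port, the default
    depends on version and distribution, so the result is 'review', not a guess.
    """
    port, source = flag_value(argv), "flag"
    if port is None:
        port, source = config_value(config_text), "config"
    if port is None:
        return {"port": None, "source": "default", "status": "review"}
    status = "disabled" if port == 0 else "exposed"
    return {"port": port, "source": source, "status": status}

# Constructed sample inputs (not taken from a real node).
SAMPLE_CONFIG = """\
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
# readOnlyPort: 10255
readOnlyPort: 0
"""
SAMPLE_ARGV = ["/usr/bin/kubelet", "--config=/var/lib/kubelet/config.yaml",
               "--read-only-port=10255"]

if __name__ == "__main__":
    for argv in (SAMPLE_ARGV, SAMPLE_ARGV[:2], SAMPLE_ARGV[:1]):
        print(audit(argv, SAMPLE_CONFIG if len(argv) > 1 else ""))
```

A result of `exposed` means the unauthenticated endpoints listed above are being served on that port; `review` means the node relies on its version's default and should be checked against the actual listener.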