Hi Derek,
Thanks for your reply.
I am aware of the fact that 6443 and 10250 need to be open in a cluster.
But in my case I have a single node. So these ports do not need to be open from the "outside".
I would argue that also in a multiple node cluster environment it would be good practice to limit access to these ports to the nodes that make up the cluster.
I am now looking at network policies.