Information
Restrict kubelet nodes to reading only objects associated with them.
Rationale:
The `Node` authorization mode only allows kubelets to read `Secret`, `ConfigMap`, `PersistentVolume`, and `PersistentVolumeClaim` objects associated with their nodes.
Solution
Edit the `/etc/kubernetes/apiserver` file on the master node and set the `KUBE_API_ARGS` parameter to a value to include `--authorization-mode=Node`. One such example could be as below: `KUBE_API_ARGS='--authorization-mode=Node,RBAC'`
Based on your system, restart the `kube-apiserver` service. For example: `systemctl restart kube-apiserver.service`
Impact:
None