Information
Do not always authorize all requests.
Rationale:
The API Server, by default, allows all requests. You should restrict this behavior to only allow the authorization modes that you explicitly use in your environment. For example, if you don't use REST APIs in your environment, it is a good security best practice to switch off that capability.
Solution
Edit the API server pod specification file '/etc/kubernetes/manifests/kube-apiserver.yaml' on the master node and set the '--authorization-mode' parameter to values other than 'AlwaysAllow'. One such example could be as below.
--authorization-mode=RBAC
Impact:
Only authorized requests will be served.