Information
Disable anonymous requests to the Kubelet server.
Rationale:
When enabled, requests that are not rejected by other configured authentication methods are treated as anonymous requests. These requests are then served by the Kubelet server. You should rely on authentication to authorize access and disallow anonymous requests.
Solution
Edit the kubelet service file '/etc/systemd/system/kubelet.service.d/10-kubeadm.conf' on each worker node and set the below parameter in 'KUBELET_SYSTEM_PODS_ARGS' variable.
--anonymous-auth=false
Based on your system, restart the 'kubelet' service. For example:
systemctl daemon-reload
systemctl restart kubelet.service
Impact:
Anonymous requests will be rejected.