Information
Do not always authorize all requests.
Rationale:
The API Server, can be configured to allow all requests. This mode should not be used on any production cluster.
Solution
Edit the API server pod specification file /etc/kubernetes/manifests/kube-apiserver.yaml on the master node and set the --authorization-mode parameter to values other than AlwaysAllow. One such example could be as below.
--authorization-mode=RBAC
Impact:
Only authorized requests will be served.
Default Value:
By default, AlwaysAllow is not enabled.
References:
https://kubernetes.io/docs/admin/kube-apiserver/
https://kubernetes.io/docs/admin/authorization/