Information
Do not always authorize all requests.
Rationale:
The API Server, can be configured to allow all requests. This mode should not be used on any production cluster.
Impact:
Only authorized requests will be served.
Solution
Edit the API server pod specification file /etc/kubernetes/manifests/kube-apiserver.yaml on the master node and set the --authorization-mode parameter to values other than AlwaysAllow. One such example could be as below.
--authorization-mode=RBAC
Default Value:
By default, AlwaysAllow is not enabled.