Information
Restrict kubelet nodes to reading only objects associated with them.
Rationale:
The Node authorization mode only allows kubelets to read Secret, ConfigMap, PersistentVolume, and PersistentVolumeClaim objects associated with their nodes.
Impact:
None
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
No remediation is required.
Default Value:
By default, in OpenShift 4.5 and earlier, the Node authorizer is compiled into the API server and is not visible. In OpenShift 4.6, authorization-mode includes Node by default.
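Because the check is manual, the following added example (not part of the benchmark or of Nessus) shows one way to evaluate an exported kube-apiserver configuration against the default values described above. The apiServerArguments key, the list-valued argument layout, the sample configurations and the version strings are assumptions constructed for illustration.

```python
import json

# Constructed samples: kube-apiserver config exported as JSON. The
# "apiServerArguments" key and list-valued layout are assumptions.
SAMPLE_46 = json.dumps({"apiServerArguments": {
    "authorization-mode": ["Scope", "SystemMasters", "RBAC", "Node"]}})
SAMPLE_45 = json.dumps({"apiServerArguments": {"audit-log-maxage": ["0"]}})
SAMPLE_BAD = json.dumps({"apiServerArguments": {
    "authorization-mode": ["RBAC,Webhook"]}})


def parse_version(text):
    """Turn '4.6.12' into (4, 6) so versions compare numerically."""
    major, minor = text.split(".")[:2]
    return int(major), int(minor)


def authorization_modes(config_json):
    """Return the configured modes, or None if the argument is not set."""
    args = json.loads(config_json).get("apiServerArguments", {})
    raw = args.get("authorization-mode")
    if raw is None:
        return None
    if isinstance(raw, str):
        raw = [raw]
    # Accept both ["RBAC", "Node"] and ["RBAC,Node"].
    return [m.strip() for item in raw for m in item.split(",") if m.strip()]


def check_node_authorizer(config_json, openshift_version):
    """Classify the config as PASS, REVIEW or FAIL for this control."""
    modes = authorization_modes(config_json)
    if modes is None:
        # 4.5 and earlier: the Node authorizer is compiled in and not visible.
        if parse_version(openshift_version) <= (4, 5):
            return "PASS (Node authorizer compiled in, argument not visible)"
        return "REVIEW (authorization-mode not set explicitly)"
    if "Node" in modes:  # mode names are matched case-sensitively
        return "PASS"
    return "FAIL (authorization-mode is %s)" % ",".join(modes)


if __name__ == "__main__":
    for cfg, ver in ((SAMPLE_46, "4.6.12"), (SAMPLE_45, "4.5.3"),
                     (SAMPLE_BAD, "4.6.12")):
        print(ver, check_node_authorizer(cfg, ver))
```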