The --authorization-mode argument is set to AlwaysAllow

Description

Do not always authorize all requests. The API server can be configured to allow all requests by setting the --authorization-mode argument to AlwaysAllow. This mode should not be used on any production cluster.
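
The check described above, sketched in Python as an added example that is not part of the original page or of any scanner's own code. The function names, the one-argument-per-line parsing and the sample manifests are assumptions for illustration; a missing flag is reported because kube-apiserver then falls back to AlwaysAllow.

```python
import re

# Mode names kube-apiserver accepts; the comparison is case-sensitive.
VALID_MODES = {"AlwaysAllow", "AlwaysDeny", "ABAC", "Webhook", "RBAC", "Node"}
FLAG = "--authorization-mode"

def authorization_modes(manifest):
    """Return the modes passed via --authorization-mode=..., or None if the flag is absent.

    Assumption: arguments are YAML list items, one per line, in --flag=value form.
    """
    modes, seen = [], False
    for line in manifest.splitlines():
        item = re.match(r"\s*-\s+(.+?)\s*$", line)
        if not item:
            continue
        arg = item.group(1).strip("'\"")
        if arg.startswith(FLAG + "="):
            seen = True
            modes += [m.strip() for m in arg.split("=", 1)[1].split(",") if m.strip()]
    return modes if seen else None

def check(manifest):
    """Return a list of findings; an empty list means the manifest passes."""
    modes = authorization_modes(manifest)
    if modes is None:
        return [f"{FLAG} is not set; kube-apiserver then defaults to AlwaysAllow"]
    findings = []
    if "AlwaysAllow" in modes:
        findings.append(f"{FLAG} includes AlwaysAllow; every request is authorized")
    for mode in modes:
        if mode not in VALID_MODES:
            findings.append(f"{FLAG} has unknown mode {mode!r}; names are case-sensitive")
    return findings

# Constructed sample manifests (not taken from a real cluster).
HEADER = "apiVersion: v1\nkind: Pod\nspec:\n  containers:\n  - command:\n    - kube-apiserver\n"
SAMPLES = {
    "allow-all": HEADER + "    - --authorization-mode=AlwaysAllow\n",
    "mixed": HEADER + "    - --authorization-mode=RBAC,AlwaysAllow\n",
    "unset": HEADER + "    - --secure-port=6443\n",
    "hardened": HEADER + "    - --authorization-mode=Node,RBAC\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, "->", check(text) or "PASS")
```

The "mixed" sample is flagged because listing AlwaysAllow alongside RBAC still lets every request through: a request is allowed as soon as any configured authorizer allows it.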

Fix - Buildtime

Kubernetes

  • Kind: Pod
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    component: kube-apiserver
    tier: control-plane
  name: kube-apiserver
  namespace: kube-system
spec:
  containers:
  - command:
+   - kube-apiserver
+   - --authorization-mode=RBAC,node
    image: gcr.io/google_containers/kube-apiserver-amd64:v1.6.0
    ...
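
Review bot: the added --authorization-mode=RBAC,node line spells the second mode in lowercase. kube-apiserver compares mode names case-sensitively and the node authorizer is named Node, so this value would be rejected as an invalid mode and the API server would not start. Suggest --authorization-mode=Node,RBAC instead.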