Authentication

K8S API server authorization mode is AlwaysAllow

Risk Level

Hazardous (3)

Platform(s)
  • N/A

Compliance Frameworks

Description

It was found that the API server authorization mode is set to 'AlwaysAllow'. This mode configures the api server to allow any request.
  • Recommended Mitigation

    It is recommended change the authorization mode parameter to define authorization method.