K8S API server configuration does not contain service-account-lookup

Best practices

K8S API server configuration does not contain service-account-lookup

Platform(s)

Compliance Frameworks

CCPA
CPRA
iso_27001_2022
iso_27002_2022
K8s CIS
K8s OWASP Top 10
NIST 800-171
NIST 800-190
NIST 800-53
PDPA
UK Cyber Essentials

Description

If --service-account-lookup is not enabled, the apiserver only verifies that the authentication token is valid, and does not validate that the service account token mentioned in the request is actually present in etcd. This allows using a service account token even after the corresponding service account is deleted. Orca has detected that the '--service-account-lookup' parameter is not enabled.

K8S API server configuration does not contain service-account-lookup

Description

Need help?

CLOUD SECURITY PLATFORM

TECHNOLOGY ECOSYSTEM

By Solution

By Industry

COMPARISONS