Best practices

K8S API server without RBAC authorization

Risk Level

Informational (4)

Platform(s)
  • N/A

Compliance Frameworks

Description

It was found that RBAC authorization is not set in the k8s api server configuration file. Role Based Access Control (RBAC) allows control in the operations that an entity can execute in the cluster.
  • Recommended Mitigation

    It is recommended to include 'RBAC' authorization in the authorization mode parameter in the configuration file.