Best practices

Kubernetes Controller Manager –use-service-account-credentials argument is not set to true

Risk Level

Informational (4)

Platform(s)
  • N/A

Compliance Frameworks

Description

It was found that the argument --use-service-account-credentials in the Controller Manager configuration file is not set to True. Setting this argument to true, with the combination of RBAC, ensuring that control loops run with the minimum permissions required and thus adhering to the principal of least privilege.
  • Recommended Mitigation

    It is recommended to edit the Controller Manager configuration file on the master node and set the parameter ""True"" to the --use-service-account-credentials argument.