Workload misconfigurations

Kubernetes node’s kubelet anonymous-auth flag is enabled

Risk Level

Informational (4)

Platform(s)
  • N/A

Compliance Frameworks

Description

The kubelet reads various parameters, including security settings, from a config file. When the anonymous-auth flag is enabled, requests that are not rejected by other configured authentication methods are treated as anonymous requests and are then served by the kubelet server. Orca has detected that the anonymous-auth flag is enabled on {K8sNode.Vm}.
Recommended Mitigation

Set {K8sNode}'s kubelet's anonymous-auth flag to false.
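
To confirm the setting on a node, the following added example (not Orca's or the Kubernetes project's code) reads `--anonymous-auth` from the kubelet command line and `authentication.anonymous.enabled` from the kubelet config file, with the command-line flag taking precedence over the file. The command line, config path and config contents are constructed samples, the function names are hypothetical, and the YAML reader handles only plain block-style mappings.

```python
import re
import shlex

# Constructed sample inputs (not taken from a real node).
SAMPLE_CMDLINE = "/usr/bin/kubelet --config=/var/lib/kubelet/config.yaml"
SAMPLE_CONFIG = """\
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
authentication:
  anonymous:
    enabled: true
  webhook:
    enabled: true
"""

def _to_bool(text):
    return {"true": True, "false": False}.get(text.strip().strip("'\"").lower())

def flag_setting(cmdline):
    """Value of --anonymous-auth on a kubelet command line, or None if absent."""
    value = None
    for arg in shlex.split(cmdline):
        if arg == "--anonymous-auth":          # bare boolean flag means true
            value = True
        elif arg.startswith("--anonymous-auth="):
            value = _to_bool(arg.split("=", 1)[1])
    return value                               # last occurrence wins

def config_setting(yaml_text):
    """Value of authentication.anonymous.enabled in the config, or None."""
    path = []                                  # stack of (indent, key)
    for raw in yaml_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        m = re.match(r"^( *)([A-Za-z0-9_]+):\s*(.*)$", line)
        if not m:
            continue
        indent, key, val = len(m.group(1)), m.group(2), m.group(3)
        while path and path[-1][0] >= indent:  # leave deeper or sibling keys
            path.pop()
        path.append((indent, key))
        if [k for _, k in path] == ["authentication", "anonymous", "enabled"]:
            return _to_bool(val)
    return None

def anonymous_auth_state(cmdline, yaml_text=""):
    """'enabled', 'disabled', or 'unset' when neither source sets it."""
    flag = flag_setting(cmdline)
    setting = flag if flag is not None else config_setting(yaml_text)
    if setting is None:
        return "unset"
    return "enabled" if setting else "disabled"
```

An `unset` result means neither source sets the value explicitly, so the node is relying on the kubelet's default and the value should be set to false explicitly.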