Kubernetes node's kubelet authorization-mode is set to AlwaysAllow

Workload misconfigurations

Kubernetes node’s kubelet authorization-mode is set to AlwaysAllow

Platform(s)

Compliance Frameworks

AKS CIS
CCPA
CPRA
EKS CIS
GKE CIS
iso_27001_2022
iso_27002_2022
K8s CIS
K8s OWASP Top 10
Mitre ATT&CK
NIST 800-171
NIST 800-190
NIST 800-53
PDPA
STIG K8s
UK Cyber Essentials

Description

The kubelet reads various parameters, including security settings, from a config file. When AuthorizationMode is set to 'AlwaysAllow', the kubelet service allows all authenticated requests (even anonymous ones) without needing explicit authorization checks from the apiserver. Orca has detected that the AuthorizationMode is set to 'AlwaysAllow' on {K8sNode.Vm}.

Demo the Orca Platform-> In just 10 minutes, you’ll see how Orca Security can revolutionize your cloud security strategy. Watch a recorded demo from a cloud security expert now.

Kubernetes node’s kubelet authorization-mode is set to AlwaysAllow

Description

Need help?

CLOUD SECURITY PLATFORM

TECHNOLOGY ECOSYSTEM

By Solution

By Industry

COMPARISONS