Workload misconfigurations

Kubernetes node’s kubelet authorization-mode is set to AlwaysAllow


The kubelet reads various parameters, including security settings, from a config file. When AuthorizationMode is set to 'AlwaysAllow', the kubelet service allows all authenticated requests (even anonymous ones) without needing explicit authorization checks from the apiserver. Orca has detected that the AuthorizationMode is set to 'AlwaysAllow' on {K8sNode.Vm}.