Note: to enable this control run Kubescape with host sensor (see here)
ArmoBest, MITRE, NSA, AllControls
By default, requests to the kubelet's HTTPS endpoint that are not rejected by other configured authentication methods are treated as anonymous requests, and given a username of system:anonymous and a group of system:unauthenticated.
Reading the kubelet command lines and configuration file looking for anonymous-auth configuration. If this configuration is set on both, the command line values take precedence over it.
Start the kubelet with the --anonymous-auth=false flag.
Updated 15 days ago