The API Server, can be configured to allow all requests. This mode should not be used on any production cluster.
Do not always authorize all requests.
Run the following command on the Control Plane node:
ps -ef | grep kube-apiserver
Verify that the
--authorization-mode argument exists and is not set to
Edit the API server pod specification file
/etc/kubernetes/manifests/kube-apiserver.yaml on the Control Plane node and set the
--authorization-mode parameter to values other than
AlwaysAllow. One such example could be as below.
Only authorized requests will be served.
AlwaysAllow is not enabled.
Updated 27 days ago