Property
Language: terraform
Severity: low

Description

The Kubernetes API server is not configured with RBAC (Role-Based Access Control) in its --authorization-mode argument, so fine-grained access control is not enforced. Without RBAC, authorization decisions may be less secure or overly permissive.

Impact

If RBAC is not enabled, unauthorized users or processes could gain access to sensitive Kubernetes resources, modify critical configurations, or escalate privileges, increasing the risk of accidental or malicious actions that compromise cluster security.

Resolution

Edit the API server pod specification file /etc/kubernetes/manifests/kube-apiserver.yaml on the Control Plane node and set the --authorization-mode parameter to a value that includes RBAC.
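The check this rule performs, written out as a small added example (not the scanner's own code): it reads the kube-apiserver container's command and args, extracts the --authorization-mode value in both the `--flag=value` and `--flag value` forms, and reports whether RBAC is among the modes. The container specs below are constructed samples, not taken from a real manifest.

```python
# Added example: apply the RBAC rule to a kube-apiserver container spec as it
# appears in the static pod manifest (the 'command' / 'args' lists).

def authorization_modes(container: dict) -> list[str]:
    """Return the modes given to --authorization-mode, or [] if the flag is absent.

    Handles '--authorization-mode=Node,RBAC' and the split form
    '--authorization-mode Node,RBAC', and looks in both 'command' and 'args'.
    Only the first occurrence of the flag is inspected.
    """
    tokens = list(container.get("command", [])) + list(container.get("args", []))
    for i, tok in enumerate(tokens):
        if tok.startswith("--authorization-mode="):
            value = tok.split("=", 1)[1]
        elif tok == "--authorization-mode" and i + 1 < len(tokens):
            value = tokens[i + 1]
        else:
            continue
        return [m.strip() for m in value.split(",") if m.strip()]
    return []


def rbac_enabled(container: dict) -> bool:
    """True only if RBAC is one of the configured authorization modes.

    An absent flag counts as a finding: RBAC has not been explicitly enabled.
    """
    return "RBAC" in authorization_modes(container)


# Constructed samples: the weak setting this rule flags, the corrected one,
# and a manifest that omits the flag entirely.
WEAK_APISERVER = {
    "name": "kube-apiserver",
    "command": ["kube-apiserver", "--authorization-mode=AlwaysAllow"],
}
FIXED_APISERVER = {
    "name": "kube-apiserver",
    "command": ["kube-apiserver", "--authorization-mode=Node,RBAC"],
}
NO_FLAG_APISERVER = {"name": "kube-apiserver", "command": ["kube-apiserver"]}

if __name__ == "__main__":
    for spec in (WEAK_APISERVER, FIXED_APISERVER, NO_FLAG_APISERVER):
        verdict = "ok" if rbac_enabled(spec) else "FAIL: RBAC not in --authorization-mode"
        print(f"{spec['name']} modes={authorization_modes(spec)}: {verdict}")
```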