Ensure the --authorization-mode argument includes node
Error: The --authorization-mode argument does not include node
Bridgecrew Policy ID: BC_K8S_53
Checkov Check ID: CKV_K8S_75
Severity: MEDIUM
Description
Restrict kubelet nodes to reading only objects associated with them. The Node authorization mode only allows kubelets to read Secret, ConfigMap, PersistentVolume, and PersistentVolumeClaim objects associated with their nodes.
Fix - Buildtime
Kubernetes
- Kind: Pod
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    component: kube-apiserver
    tier: control-plane
  name: kube-apiserver
  namespace: kube-system
spec:
  containers:
  - command:
+   - kube-apiserver
+   - --authorization-mode=RBAC,Node
    image: gcr.io/google_containers/kube-apiserver-amd64:v1.6.0
    ...
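The check described above can be reproduced over a parsed Pod manifest. The following is an added example, not Checkov's or Bridgecrew's own code; the helper names and sample manifests are constructed for illustration, and treating repeated flags as cumulative is an assumption.

```python
FLAG = "--authorization-mode"

def authorization_modes(argv):
    """Collect the comma-separated values of every --authorization-mode flag."""
    modes, found = [], False
    for i, arg in enumerate(argv):
        if arg.startswith(FLAG + "="):
            value = arg[len(FLAG) + 1:]          # --authorization-mode=RBAC,Node
        elif arg == FLAG and i + 1 < len(argv):
            value = argv[i + 1]                  # --authorization-mode RBAC,Node
        else:
            continue
        found = True
        modes += [m.strip() for m in value.split(",") if m.strip()]
    return modes if found else None              # None means the flag is absent

def check_pod(pod):
    """Return {container name: (passed, reason)} for kube-apiserver containers."""
    results = {}
    for c in (pod.get("spec") or {}).get("containers") or []:
        argv = [str(a) for a in (c.get("command") or []) + (c.get("args") or [])]
        if "kube-apiserver" not in argv:
            continue  # not an API server container; the policy does not apply
        modes = authorization_modes(argv)
        if modes is None:
            results[c.get("name")] = (False, "flag not set")
        elif "Node" in modes:  # exact, case-sensitive match on the mode name
            results[c.get("name")] = (True, ",".join(modes))
        else:
            results[c.get("name")] = (False, "Node missing from " + ",".join(modes))
    return results

def sample_pod(*command, args=()):
    """Build a constructed sample shaped like a parsed Pod manifest."""
    return {"kind": "Pod", "spec": {"containers": [
        {"name": "kube-apiserver", "command": list(command), "args": list(args)}]}}

# Constructed samples: the fixed manifest from this page and three variants.
FIXED = sample_pod("kube-apiserver", "--authorization-mode=RBAC,Node")
RBAC_ONLY = sample_pod("kube-apiserver", "--authorization-mode=RBAC")
UNSET = sample_pod("kube-apiserver", "--secure-port=6443")
SPLIT = sample_pod("kube-apiserver", args=["--authorization-mode", "Node,RBAC"])

if __name__ == "__main__":
    for label, pod in [("fixed", FIXED), ("rbac-only", RBAC_ONLY),
                       ("unset", UNSET), ("split", SPLIT)]:
        print(label, check_pod(pod))
```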