Ensure the --authorization-mode argument includes RBAC

Error: The --authorization-mode argument does not include RBAC

Bridgecrew Policy ID: BC_K8S_54
Checkov Check ID: CKV_K8S_77
Severity: LOW

Description

Turn on Role Based Access Control.
Role Based Access Control (RBAC) allows fine-grained control over the operations that different entities can perform on different objects in the cluster. It is recommended to use the RBAC authorization mode.

Fix - Buildtime

Kubernetes

  • Kind: Pod
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    component: kube-apiserver
    tier: control-plane
  name: kube-apiserver
  namespace: kube-system
spec:
  containers:
  - command:
+   - kube-apiserver
+   - --authorization-mode=RBAC,Node
    image: gcr.io/google_containers/kube-apiserver-amd64:v1.6.0
    ...
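
The check described above can be reproduced over a parsed Pod manifest. This is an added example, not Checkov's or Bridgecrew's own code. The function names, the dict-shaped sample manifests, the handling of the space-separated flag form, and the pooling of repeated flags are assumptions made for illustration.

```python
# Added example (not Checkov's code): flag kube-apiserver containers whose
# --authorization-mode does not include RBAC. Manifests are parsed dicts.
FLAG = "--authorization-mode"


def argv_of(container):
    # Kubernetes runs `command` followed by `args` as one argument vector.
    return [str(a) for a in (container.get("command") or []) + (container.get("args") or [])]


def authorization_modes(argv):
    """Return the listed modes, or None when the flag is absent."""
    modes, seen = [], False
    for i, arg in enumerate(argv):
        if arg.startswith(FLAG + "="):
            value = arg.split("=", 1)[1]
        elif arg == FLAG and i + 1 < len(argv):
            value = argv[i + 1]  # "--flag value" form
        else:
            continue
        seen = True
        # Simplification (assumption): values from repeated flags are pooled.
        modes += [m.strip() for m in value.split(",") if m.strip()]
    return modes if seen else None


def check_pod(manifest):
    """Return [(passed, reason)] for each kube-apiserver container in a Pod."""
    results = []
    for container in (manifest.get("spec") or {}).get("containers") or []:
        argv = argv_of(container)
        if not any(a == "kube-apiserver" or a.endswith("/kube-apiserver") for a in argv):
            continue  # not an API server container
        modes = authorization_modes(argv)
        if modes is None:
            # kube-apiserver's documented default mode is AlwaysAllow.
            results.append((False, "flag not set"))
        elif "RBAC" in modes:
            results.append((True, "modes: " + ",".join(modes)))
        else:
            results.append((False, "RBAC missing from: " + ",".join(modes)))
    return results


def pod(command, args=None):
    # Constructed sample manifest, shaped like the static Pod on this page.
    return {"kind": "Pod", "spec": {"containers": [{"command": command, "args": args}]}}
```

A missing flag is reported as a failure rather than skipped, because the API server then falls back to its default mode instead of RBAC.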