Details
Do not allow all requests.
Rationale:
Setting admission control plugin ‘AlwaysAdmit’ allows all requests and do not filter any requests.
Solution
Edit the API server pod specification file ‘/etc/kubernetes/manifests/kube-apiserver.yaml’ on the master node and set the ‘–enable-admission-plugins’ parameter to a value that does not include ‘AlwaysAdmit’.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Unix.