Details
Do not allow all requests.
Rationale:
Setting admission control plugin AlwaysAdmit allows all requests and do not filter any requests.
Solution
Edit the API server pod specification file /etc/kubernetes/manifests/kube-apiserver.yaml on the master node and set the –enable-admission-plugins parameter to a value that does not include AlwaysAdmit.
Impact:
Only requests explicitly allowed by the admissions control plugin would be served.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Unix.