Details
Do not allow all requests.
Rationale:
Setting admission control policy to `AlwaysAdmit` allows all requests and do not filter any requests.
Solution
Edit the `/etc/kubernetes/apiserver` file on the master node and set the `KUBE_ADMISSION_CONTROL` parameter to a value that does not include `AlwaysAdmit`. Based on your system, restart the `kube-apiserver` service. For example: `systemctl restart kube-apiserver.service`
Impact:
Only requests explicitly allowed by the admissions control policy would be served.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Unix.