Details
Turn on Role Based Access Control.
Rationale:
Role Based Access Control (RBAC) allows fine-grained control over the operations that different entities can perform on different objects in the cluster. It is recommended to use the RBAC authorisation mode.
Solution
Edit the API server pod specification file '/etc/kubernetes/manifests/kube-apiserver.yaml' on the master node and set the '--authorization-mode' parameter to a value that includes 'RBAC', for example:
--authorization-mode=Node,RBAC
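One way to audit the setting, as an added example that is not part of the benchmark text: the function names and the sample manifest are constructed for illustration, and the script assumes the flag is written in the '--authorization-mode=<list>' form and appears once.

```shell
#!/bin/sh
# Added example: audit a kube-apiserver static pod manifest for RBAC.
# Exit codes: 0 = RBAC in the list, 1 = flag set without RBAC,
#             2 = flag not set (kube-apiserver then defaults to AlwaysAllow).
check_rbac_mode() {
    manifest="$1"
    # Skip commented-out lines; only the first occurrence of the flag is read.
    flag=$(grep -v '^[[:space:]]*#' "$manifest" \
        | grep -oE -- '--authorization-mode=[A-Za-z,]+' | head -n 1)
    [ -n "$flag" ] || return 2
    modes=${flag#*=}
    # Match RBAC as a whole comma-separated item, not as a substring.
    case ",$modes," in
        *,RBAC,*) return 0 ;;
        *)        return 1 ;;
    esac
}

# Constructed sample manifest; $2 is the argument line under test.
write_sample_manifest() {
    cat > "$1" <<EOF
apiVersion: v1
kind: Pod
metadata:
  name: kube-apiserver
spec:
  containers:
  - name: kube-apiserver
    command:
    - kube-apiserver
    $2
EOF
}

# Demo on constructed input; on a real node pass
# /etc/kubernetes/manifests/kube-apiserver.yaml to check_rbac_mode instead.
demo_dir=$(mktemp -d)
write_sample_manifest "$demo_dir/good.yaml" "- --authorization-mode=Node,RBAC"
write_sample_manifest "$demo_dir/weak.yaml" "- --authorization-mode=AlwaysAllow"
for f in good weak; do
    if check_rbac_mode "$demo_dir/$f.yaml"; then
        echo "$f: PASS (RBAC enabled)"
    else
        echo "$f: FAIL (RBAC not in --authorization-mode)"
    fi
done
rm -rf "$demo_dir"
```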
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: System and Information Integrity. This control applies to the following type of system: Unix.