Profile applicability: Level 1 - Master Node
Do not use token based authentication.
The token-based authentication utilizes static tokens to authenticate requests to
               the
               apiserver. The tokens are stored in clear-text in a file on the apiserver, and cannot
               be revoked
               or rotated without restarting the apiserver. Hence, do not use static token- based
               authentication.
|  | NoteBy default,  --token-auth-fileargument is not set. | 
Impact
You will have to configure and use alternate authentication mechanisms such as certificates.
                  Static token based authentication could not be used.
Audit
Run the following command on the Control Plane node:
ps -ef | grep kube-apiserver
Verify that the 
--token-auth-file argument does not exist.Alternative Audit Method
kubectl get pod -nkube-system -lcomponent=kube-apiserver -o=jsonpath='{range
.items[]}{.spec.containers[].command} {"\n"}{end}' | grep '--token-auth-file' | grep -i false
If the exit code is '1', then the control isn't present / failed.
Remediation
Follow the documentation and configure alternate mechanisms for authentication. Then,
                  edit the
                  API server pod specification file 
/etc/kubernetes/manifests/kube-apiserver.yaml
                  on the master node and remove the --token-auth-file=<filename>
                  parameter. 
		