Profile applicability: Level 1 - Master Node
Do not always authorize all requests.
The API Server, can be configured to allow all requests. This mode should not be used
               on any
               production cluster.
|  | NoteBy default,  AlwaysAllowis not enabled. | 
Impact
Only authorized requests will be served.
Audit
Run the following command on the Control Plane node:
ps -ef | grep kube-apiserver
Verify that the 
--authorization-mode argument exists and is not set to
                  AlwaysAllow.Remediation
Edit the API server pod specification file
                  
/etc/kubernetes/manifests/kube-apiserver.yaml on the Control Plane node and
                  set the --authorization-mode parameter to values other than
                  AlwaysAllow. Example below:--authorization-mode=RBAC
 
		