InformationLimit the `Node` and `Pod` objects that a kubelet could modify.
Using the `NodeRestriction` plug-in ensures that the kubelet is restricted to the `Node` and `Pod` objects that it could modify as defined. Such kubelets will only be allowed to modify their own `Node` API object, and only modify `Pod` API objects that are bound to their node.
SolutionFollow the Kubernetes documentation and configure `NodeRestriction` plug-in on kubelets. Then, edit the `/etc/kubernetes/apiserver` file on the master node and set the `KUBE_ADMISSION_CONTROL` parameter to `'--admission-control=...,NodeRestriction,...'`: `KUBE_ADMISSION_CONTROL='--admission-control=...,NodeRestriction,...'`
Based on your system, restart the `kube-apiserver` service. For example: `systemctl restart kube-apiserver.service`