Do not always authorize all requests. Rationale: The API Server, can be configured to allow all requests. This mode should not be used on any production cluster. Impact: Only authorized requests will be served.
Edit the API server pod specification file /etc/kubernetes/manifests/kube-apiserver.yaml on the master node and set the --authorization-mode parameter to values other than AlwaysAllow. One such example could be as below. --authorization-mode=RBAC Default Value: By default, AlwaysAllow is not enabled.