1.2.1 Ensure that the --anonymous-auth argument is set to false

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version


Disable anonymous requests to the API server.


When enabled, requests that are not rejected by other configured authentication methods are treated as anonymous requests. These requests are then served by the API server. You should rely on authentication to authorize access and disallow anonymous requests.

If you are using RBAC authorization, it is generally considered reasonable to allow anonymous access to the API Server for health checks and discovery purposes, and hence this recommendation is not scored. However, you should consider whether anonymous discovery is an acceptable risk for your purposes.


Anonymous requests will be rejected.


Edit the API server pod specification file /etc/kubernetes/manifests/kube-apiserver.yaml on the Control Plane node and set the below parameter.


Default Value:

By default, anonymous access is enabled.

See Also