- 필수 기능
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- 디지털 경험
- 소프트웨어 제공
- 보안
- 로그 관리
- 관리
- 인프라스트럭처
- ci
- containers
- csm
- ndm
- otel_guides
- overview
- slos
- synthetics
- tests
- 워크플로
Kubelets can be configured to allow all authenticated requests (even anonymous ones) without needing explicit authorization checks from the apiserver. You should restrict this behavior and only allow explicitly authorized requests.
Choose a remediation method from below. For both steps, a restart of the Kubelet service is required.
/etc/kubernetes/kubelet/kubelet-config.json
"authentication": { "webhook": { "enabled": true } }
"authorization": { "mode": "Webhook" }
KUBELET_ARGS
variable string.--authentication-token-webhook
--authorization-mode=Webhook