You have just read the kube-bench assessment report. Fix the tests that have FAIL status for the worker node configuration.
The kube-bench report gives issues such as (or close to):
- "authorisation mode is set as Always allowed"
- "Kernel defaults are not protected"
Make changes to the /var/lib/kubelet/config.yaml
Solution
### Solution
vi /var/lib/kubelet/config.yaml
change "authorization mode"
authorization:
mode: Webhook
vi /var/lib/kubelet/config.yaml
protectKernelDefaults: true
now you may exit the kubelet with :wq! and do "systemctl kubelet restart"