Use NodeRestriction admission controller

Info

ID: MS-M9027
MITRE mitigation: -

The NodeRestriction admission controller limits the permissions of the kubelet, allowing it to modify only its own Node object and only the pods that are running on its own node. This may limit the ability of attackers who have access to the Kubelet API to gain full control over the cluster.
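One way to verify this mitigation on a control plane is to audit the kube-apiserver flags. The following is an added example, not part of the original page: the two manifests are constructed samples, the function names are hypothetical, and the check on the Node authorizer (the companion control normally enabled alongside NodeRestriction) goes beyond what the page states.

```python
import re

# Constructed sample kube-apiserver static pod manifests (not from the original page).
WEAK_MANIFEST = """\
spec:
  containers:
  - command:
    - kube-apiserver
    - --authorization-mode=RBAC
    - --enable-admission-plugins=NamespaceLifecycle,ServiceAccount
"""

HARDENED_MANIFEST = """\
spec:
  containers:
  - command:
    - kube-apiserver
    - --authorization-mode=Node,RBAC
    - --enable-admission-plugins=NamespaceLifecycle,ServiceAccount,NodeRestriction
"""

def flag_values(manifest, flag):
    """Collect the comma-separated values of every --flag=... occurrence."""
    values = []
    for line in manifest.splitlines():
        if line.strip().startswith("#"):  # a commented-out flag has no effect
            continue
        for match in re.finditer(r"--%s=([^\s\"']+)" % re.escape(flag), line):
            values.extend(v.strip() for v in match.group(1).split(",") if v.strip())
    return values

def audit_node_restriction(manifest):
    """Return a list of findings; an empty list means the checks passed."""
    findings = []
    # NodeRestriction is not enabled by default, so it must be listed explicitly.
    if "NodeRestriction" not in flag_values(manifest, "enable-admission-plugins"):
        findings.append("NodeRestriction missing from --enable-admission-plugins")
    if "NodeRestriction" in flag_values(manifest, "disable-admission-plugins"):
        findings.append("NodeRestriction listed in --disable-admission-plugins")
    # Assumption beyond the page: the Node authorizer is expected next to the plugin.
    if "Node" not in flag_values(manifest, "authorization-mode"):
        findings.append("Node authorizer missing from --authorization-mode")
    return findings

if __name__ == "__main__":
    for name, text in (("weak", WEAK_MANIFEST), ("hardened", HARDENED_MANIFEST)):
        print(name, audit_node_restriction(text) or "OK")
```

On kubeadm clusters the manifest to feed in is typically `/etc/kubernetes/manifests/kube-apiserver.yaml`; managed control planes that do not expose API server flags need the provider's documentation instead.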

Techniques Addressed by Mitigation

| ID | Name | Use |
|---|---|---|
| MS-TA9030 | Access Kubelet API | Limit Kubelet permissions to pods and nodes |