Unauthenticated/unauthorized users should have no access to OpenShift nodes.
The Kubelet should be set to only allow Webhook authorization.
To ensure that the Kubelet requires authorization,
validate that authorization
is configured to Webhook
in /etc/kubernetes/kubelet/kubelet-config.json
:
authorization:
mode: Webhook
...