Why is leaving the API server's --authorization-mode=AlwaysAllow dangerous?
AIt approves every authorization request, effectively disabling authorization and least privilege
BIt forces every incoming request to fall back to anonymous authentication on the secure port
CIt disables TLS on the API server, so all authorization traffic is sent unencrypted over 6443
DIt deletes all existing RBAC Roles and RoleBindings the next time the API server is restarted
Why this is the answer
AlwaysAllow is the opposite of RBAC — any authenticated caller can do anything, making least privilege impossible. It does not force anonymous authentication, does not disable TLS, and does not delete RBAC objects.