AnonymousAuth True / False

Kubernetes version: 1.16.6
Cloud being used: bare-metal
Installation method: kubespray
Host OS: centos 7.7
CNI and version: Calico 3.13.2
CRI and version: Containerd 1.2.13

  1. On an existing running cluster, is there any benefit (other than obvious “absolute safety”) to disabling anonymous auth on the kube-api config? This coming from the fact that actions classified as “system:anonymous” don’t have access to anything unless you specifically create a role for it.

  2. Why is there a flag for anonymous auth true/false on both the api server and kubelet configs? Seems confusing, perhaps someone can clarify the relation and how turning one on and the other off or vice versa would affect the api interaction.