* Enabled the NodeRestriction Admission Controller.
* Configured the default terminated-pod-gc-threshold in the
controller-manager.
* Disable repair-malformed-updates.
* Disable anonymous-auth in the Kubelet.
* Further restrict permissions for contents of /etc/kubernetes and
/var/lib/etcd.
Change-Id: I112652a5aa7bde054de253234f65755d90ab65ad