This message was deleted.

How was the cluster deployed. In some cases (like kubeadm), the main option is to convince the Risk section that it is needed for correct functioning and add it to a risk register / whatever the process is. (kubeadm uses info from a kube-public namespace, other methods of joining nodes might be able to avoid that. (e.g. issuing client certs for the worker nodes to join with)