16 lines
1.2 KiB
Plaintext
16 lines
1.2 KiB
Plaintext
Allowing command execution (exec) for roles in a Kubernetes cluster can pose a significant security risk. This is because it provides the user with the ability to execute arbitrary commands within a container, potentially leading to unauthorized access or data breaches.
|
|
|
|
In a production Kubernetes cluster, exec permissions are typically unnecessary due to the principle of least privilege, which suggests that a user or process should only have the minimum permissions necessary to perform its function. Additionally, containers in production are often treated as immutable infrastructure, meaning they should not be changed once deployed. Any changes should be made to the container image, which is then used to deploy a new container.
|
|
|
|
== Ask Yourself Whether
|
|
|
|
* This role is given to people who are not administrators of the Kubernetes cluster.
|
|
|
|
There is a risk if you answered yes to this question.
|
|
|
|
== Recommended Secure Coding Practices
|
|
|
|
Disable exec privileges for this role.
|
|
The `exec` permissions are set by allowing the `create` verb for the `pods/exec` resource.
|
|
Removing this permission will prevent users and services from executing arbitrary commands within containers.
|