Inspektor Gadget: Results from the first security audit
… Reduce RBAC permissions on the DaemonSet pod — specifically the nodes/proxy GET permission, which could be leveraged for privilege escalation if the service account token is compromised. …
… Kubernetes defines three levels: privileged (unrestricted), baseline (prevents known privilege escalations), and restricted (heavily locked down). baseline is a good starting point since it blocks things like privileged containers and host networking without being so strict that it breaks common workl… …