Risks

  • Home
  • Security
  • Risks
  • Secure Your Kubernetes Cluster: Avoiding Risks with Kubeadm Commands

Secure Your Kubernetes Cluster: Avoiding Risks with Kubeadm Commands

Importance of Restricting Kubeadm Access

There are some commands that can have a significant negative impact on the cluster.

With

kubeadm token create --print-join-command

can be used to create a joint token at any time, allowing additional masters/workers to be added. Furthermore, kubeadm reset can cause e.g., the master to be removed, thus rendering the cluster non-functional or even destroying it. Further is

kubeadm reset 

a high security risk.

Except for the admins, who are responsible for administration and troubleshooting, no other user has any reason to run kubeadm, which explains why the command should not be allowed.


follow these measures

Design Escapes