
Unauthorized Access to ETCD in Kubernetes

ETCD is the central key-value store of a Kubernetes cluster, holding all cluster state data. Unauthorized access to ETCD can lead to complete control over the Kubernetes cluster, as it provides admin-level access to the entire system. If ETCD is accessed by an unauthorized entity, sensitive data could be exposed, manipulated, or deleted, leading to cluster instability or a full security breach.


Since only the Kubernetes API server should have authenticated access to ETCD, any connection from another source poses a significant security risk. Without proper security measures such as client certificate authentication, peer authentication, and encrypted communication, ETCD remains exposed to unauthorized reads and data tampering.


To mitigate these risks, it is critical to enforce client certificate authentication, peer authentication, and TLS encryption on every ETCD listener, so that only the API server (and other holders of a trusted client certificate) can reach the store.
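As an added example that is not part of this page, the following Python script audits an etcd command line (for instance the `command:` of the etcd static pod manifest) for the three controls just named: client certificate authentication, peer authentication, and TLS on every listener. The flag names are etcd's own; the two sample command lines and the `/etc/kubernetes/pki/etcd` paths are constructed for illustration.

```python
# Real etcd flag names; a hardened command line must carry all of them.
REQUIRED_TRUE = ("--client-cert-auth", "--peer-client-cert-auth")
REQUIRED_FILES = ("--cert-file", "--key-file", "--trusted-ca-file",
                  "--peer-cert-file", "--peer-key-file", "--peer-trusted-ca-file")
URL_FLAGS = ("--listen-client-urls", "--advertise-client-urls", "--listen-peer-urls")


def parse_flags(args):
    """Map '--k=v' to {'--k': 'v'}; a bare '--k' is a Go bool flag, i.e. 'true'."""
    flags = {}
    for arg in args:
        if arg.startswith("--"):
            key, sep, value = arg.partition("=")
            flags[key] = value if sep else "true"
    return flags


def audit_etcd_args(args):
    """Return a list of findings; an empty list means every check passed."""
    flags, findings = parse_flags(args), []
    for flag in REQUIRED_TRUE:  # mutual TLS: clients and peers must present a cert
        if flags.get(flag, "false").lower() != "true":
            findings.append(f"{flag} is not enabled")
    for flag in REQUIRED_FILES:  # server/peer cert, key and the CA used to verify
        if not flags.get(flag):
            findings.append(f"{flag} is missing")
    for flag in URL_FLAGS:  # every listener and advertised URL must be https
        for url in filter(None, flags.get(flag, "").split(",")):
            if not url.startswith("https://"):
                findings.append(f"{flag} has a plaintext endpoint: {url}")
    for flag in ("--auto-tls", "--peer-auto-tls"):  # self-signed certs nobody can verify
        if flags.get(flag, "false").lower() == "true":
            findings.append(f"{flag} is enabled; the member's identity cannot be verified")
    return findings


# Constructed samples: an unauthenticated plaintext etcd and a hardened one.
WEAK_ARGS = ["etcd", "--listen-client-urls=http://0.0.0.0:2379",
             "--advertise-client-urls=http://10.0.0.5:2379", "--listen-peer-urls=http://0.0.0.0:2380"]
PKI = "/etc/kubernetes/pki/etcd"  # sample path only
HARDENED_ARGS = ["etcd", "--client-cert-auth=true", "--peer-client-cert-auth=true",
                 f"--trusted-ca-file={PKI}/ca.crt", f"--cert-file={PKI}/server.crt",
                 f"--key-file={PKI}/server.key", f"--peer-trusted-ca-file={PKI}/ca.crt",
                 f"--peer-cert-file={PKI}/peer.crt", f"--peer-key-file={PKI}/peer.key",
                 "--listen-client-urls=https://10.0.0.5:2379", "--advertise-client-urls=https://10.0.0.5:2379",
                 "--listen-peer-urls=https://10.0.0.5:2380"]

if __name__ == "__main__":
    for name, args in (("weak", WEAK_ARGS), ("hardened", HARDENED_ARGS)):
        print(name, audit_etcd_args(args) or "OK")
```

The weak sample produces eleven findings (no client or peer certificate authentication, no certificate, key or CA files, and plaintext `http://` endpoints on all three URL flags); the hardened sample produces none.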