Skip to main content

Measures

It must be clearly defined who is allowed to control which things and to what extent using the “kubectl” command. This is controlled regularly via RBAC, but it can't hurt to additionally deactivate certain commands, such as “kubectl verb”, its corresponding cluster roles and standard roles, including their bindings, as well as the “kubectl config” command, the “kubectl config” verb context and so on.