Secure Your Kubernetes Cluster: Avoiding Risks with Kubeadm Commands
Importance of Restricting Kubeadm Access
There are some commands that can have a significant negative impact on the cluster.
The command
kubeadm token create --print-join-command
can be used to create a join token at any time, allowing additional masters/workers to be added. Furthermore, kubeadm reset can, for example, remove the master, rendering the cluster non-functional or even destroying it. For this reason,
kubeadm reset
is also a high security risk.
Apart from the admins, who are responsible for administration and troubleshooting, no user has any reason to run kubeadm, so other users should not be allowed to run the command.
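One way to check this restriction on a node, as an added example that is not part of the original article: the script reports whether the kubeadm binary can be executed, or the admin kubeconfig read, by every local account. The function names are hypothetical and both paths are passed as arguments (/etc/kubernetes/admin.conf is the kubeconfig kubeadm writes by default).

```sh
#!/bin/sh
# Added example: audit who can run kubeadm on a node.
# Function names are illustrative; paths are supplied by the caller.

# mode_string <path>: print the 10-character mode field, following symlinks.
# Prints nothing if the path does not exist.
mode_string() {
    ls -ldL -- "$1" 2>/dev/null | cut -c1-10
}

# world_executable <path>: 0 if the "other" class may execute the file,
# 1 if it may not, 2 if the file is missing.
world_executable() {
    m=$(mode_string "$1")
    [ -n "$m" ] || return 2
    case "$m" in
        ?????????[xt]) return 0 ;;   # x, or sticky bit together with x
        *) return 1 ;;
    esac
}

# world_readable <path>: 0 if the "other" class may read the file,
# 1 if it may not, 2 if the file is missing.
world_readable() {
    m=$(mode_string "$1")
    [ -n "$m" ] || return 2
    case "$m" in
        ???????r??) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_kubeadm <kubeadm binary> <admin kubeconfig>:
# prints one line per finding and returns the number of findings.
audit_kubeadm() {
    findings=0
    if world_executable "$1"; then
        echo "FINDING: $1 is executable by every local user"
        findings=$((findings + 1))
    fi
    if world_readable "$2"; then
        echo "FINDING: $2 is readable by every local user"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Run the audit only when both paths are given on the command line.
if [ "$#" -eq 2 ]; then audit_kubeadm "$1" "$2"; fi
```

A missing file is not counted as a finding, so confirm both paths exist on the node before relying on a clean result.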