Beyond RBAC: Additional Security Measures
RBAC in Kubernetes is only cumulative, i.e., you can only whitelist. Further, certain commands are not containable with RBAC, e.g.
kubectl config view
kubectl cluster-info
Both commands give essential information about the cluster.
The most "dangerous" commands are:
kubectl get cm -n kube-system
The whole configfiles (zm the kubelet- or kubeadmconfig) are configmaps and are therefore visible.
kubectl cluster-info #not advisable!
#Provides every information about the cluster
kubectl config <Verb>
Gives either insight to the clusterconfig, allows to edit or change the contexts or create them.
kubectl delete <Verb>
Deletes Kubernetes objects
Here it must be clearly defined who is allowed to control what and to what extent with kubectl. This is done with RBAC, but it does not hurt to additionally exclude commands such as "kubectl verb", its corresponding ClusterRoles and Roles, including Bindings, kubectl config view, kubectl config verb context etc. just to be extra sure.