Complexity and Maintenance Burden with ABAC
ABAC (Attribute-Based Access Control) policies can become highly complex and difficult to maintain. Managing these policies requires access to the master host VM and manual changes in the configuration file, which increases the risk of errors and makes scaling difficult in large teams.
Impact: Misconfigurations can lead to unauthorized access or overly permissive policies. ABAC requires a cluster API restart for policy changes to take effect, which could cause temporary downtime.
Security Risk: SSH access to the master node is needed for modifications, which increases the risk of unauthorized system-level changes or accidental system misconfigurations.
Security Risks of Excessive Permissions with RBAC Misconfigurations
If not configured properly, RBAC (Role-Based Access Control) can grant users excessive permissions, allowing them to perform actions beyond their required role.
Users may be able to list, create, update, or delete Kubernetes resources they should not have access to, leading to potential data loss, security breaches, or unintentional system downtime.
Incorrect permissions can lead to privilege escalation, where a compromised user or malicious actor gains control over critical parts of the cluster, compromising both data and functionality.
