From 192e9cd4cde53ca9186fa756723b5018fb42c491 Mon Sep 17 00:00:00 2001 From: Spike Curtis Date: Thu, 21 Sep 2017 15:08:06 -0700 Subject: [PATCH] RBAC doc describes escalation of privilege via pod creation. (#5551) * Added docs about privilege escalation via pod creation. * Fix docs style. * Update index.md * Update index.md * Removed line about k8s policing policy * Update index.md --- docs/admin/authorization/index.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/docs/admin/authorization/index.md b/docs/admin/authorization/index.md index 9b2d922d2b..d7a009ef3b 100644 --- a/docs/admin/authorization/index.md +++ b/docs/admin/authorization/index.md @@ -136,3 +136,10 @@ As of version 1.3, clusters created by kube-up.sh are configured so that the A {% endcapture %} {% include templates/concept.md %} + +## Privilege escalation via pod creation + +Users who have ability to create pods in a namespace can potentially escalate their privileges within that namespace. They can create pods that access secrets the user cannot themselves read, or that run under a service account with different/greater permissions. + +**Caution:** System administrators, use care when granting access to pod creation. A user granted permission to create pods (or controllers that create pods) in the namespace can: read all secrets in the namespace; read all config maps in the namespace; and impersonate any service account in the namespace and take any action the account could take. This applies regardless of authorization mode. +{: .caution}
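Review bot: the new "Privilege escalation via pod creation" section is appended after the `{% endcapture %}` and `{% include templates/concept.md %}` lines, so it sits outside the captured content that the concept template renders; consider moving the section above `{% endcapture %}` so it is laid out with the rest of the page instead of trailing the include. Two wording nits in the added prose: "Users who have ability to create pods" should read "Users who have the ability to create pods", and "different/greater permissions" reads better as "different or greater permissions". The caution block itself is clear and the `{: .caution}` attribute matches the surrounding Jekyll conventions.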