kubernetes
/
website
mirror of https://github.com/kubernetes/website.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update content/en/docs/concepts/security/rbac-good-practices.md 

Co-authored-by: Tim Bannister <tim@scalefactory.com>
This commit is contained in:
Iain Smart 2024-03-26 13:51:18 +00:00 committed by GitHub
parent 3f990cd272
commit 1ed331ccbb
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
content/en/docs/concepts/security/rbac-good-practices.md
View File

@ -185,8 +185,9 @@ mutating webhooks, also mutate admitted objects.
Users who can perform `patch` operations on `namespace` objects through a namespaced rolebinding can modify
labels on that namespace. In clusters where Pod Security Admission is used, this may allow a user to configure the namespace
for a more permissive policy than intended by the administrators. For clusters where network policy is used, users may be
able to gain access to services intended to be blocked.
for a more permissive policy than intended by the administrators.
For clusters where NetworkPolicy is used, users may be set labels that indirectly allow
access to services that an administrator did not intend to allow.
## Kubernetes RBAC - denial of service risks {#denial-of-service-risks}