services / Azure / Kubernetes Pods
Kubernetes Pod objects on an AKS managed cluster, the running unit of workload execution; their specs include container images, command/args, environment variables, and references to mounted secrets, configmaps, volumes, and service accounts.
Pod specs frequently embed or reference credentials and sensitive configuration, and pods carry service-account tokens granting in-cluster and cloud identity.
Microsoft.ContainerService/managedClusters/pods/delete
Deleting pods terminates running workloads, disrupting the services they host and tearing down the compute units backing applications.
Risks
Scope: HIGH
This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.
Contributed by P0 Security
© 2023–present P0 Security and contributors to the IAM Privilege Catalog