catalog logoThe IAM Privilege Catalog

services / Google Cloud / Kubernetes Engine API Services

Exposes /apis/apiregistration.k8s.io/v1/apiservices Kubernetes API endpoints. API Services provide a way to advertise a Kubernetes API that is implemented across multiple versions of Kubernetes. It is used to register and expose APIs for Kubernetes extensions and custom resources. It also provides a way to specify the resource schema for a custom resource, which enables client-side validation and discovery of resources.

API Services can be used to track the availability and health of API servers and extensions in the cluster. For custom resources can set the insecureSkipTLSVerify to true which allows unauthenticated communication with the custom resource's endpoints.

container.​apiServices.​get

Risks

  1. Infrastructure discovery (LOW)

Scope: LOW

This privilege allows access to data that are not meant to be public, but are otherwise not sensitive.

Contributed by P0 Security

© 2023–present P0 Security and contributors to the IAM Privilege Catalog