The IAM Privilege Catalogservices / Google Cloud / Kubernetes Engine API Services
Exposes /apis/apiregistration.k8s.io/v1/apiservices Kubernetes API endpoints. API Services provide a way to advertise a Kubernetes API that is implemented across multiple versions of Kubernetes. It is used to register and expose APIs for Kubernetes extensions and custom resources. It also provides a way to specify the resource schema for a custom resource, which enables client-side validation and discovery of resources.
API Services can be used to track the availability and health of API servers and extensions in the cluster. For custom resources can set the insecureSkipTLSVerify to true which allows unauthenticated communication with the custom resource's endpoints.
container.apiServices.update
Risks
Scope: MEDIUM
This privilege may grant access to confidential data, or its exploit can incur operational cost.
Contributed by P0 Security