services / Google Cloud / BackendConfig custom resource definition for Google Kubernetes Engine

BackendConfig objects are reusable configurations for Kubernetes Service objects. BackendConfigs set the destination Service for incoming requests, thus they pertain to external-to-internal communications. Other ingress parameters of a BackendConfig include service response timeout, Cloud CDN, HTTP access logging, Session Affinity.

Backend Config is a piece of reusable configuration for an Ingress object. A BackendConfig does not take effect unless it is associated with an Ingress object.

container.​backendConfigs.​create

An attacker may manipulate Ingress settings if they are also allowed to associate BackendConfig objects with Ingress objects using container.ingresses.update or container.ingresses.create permissions.

Risks

1. Network destruction (HIGH)

Scope: MEDIUM

This privilege may grant access to confidential data, or its exploit can incur operational cost.