services / Google Cloud / BackendConfig custom resource definition for Google Kubernetes Engine

BackendConfig objects are reusable configurations for Kubernetes Service objects. BackendConfigs set the destination Service for incoming requests, thus they pertain to external-to-internal communications. Other ingress parameters of a BackendConfig include service response timeout, Cloud CDN, HTTP access logging, Session Affinity.

Backend Config is a piece of reusable configuration for an Ingress object. A BackendConfig does not take effect unless it is associated with an Ingress object.


For BackendConfigs that are associated with Service, an update may remove a Cloud Armor Security Policy or route requests to a non-existent or malicious service.



This privilege may grant access to sensitive data from a significant fraction of organizational functions, allow interruption of critical organizational services, or its exploit could lead to significant privilege escalation.

Contributed by P0 Security

© 2023–present P0 Security and contributors to the IAM Privilege Catalog