catalog logoThe IAM Privilege Catalog

services / Google Cloud / Kubernetes Deployments

Control Kubernetes Deployment objects in a given cluster.

Deployments are declarative updates to Kubernetes Pods and ReplicaSets. They provide an abstraction layer that allows services to discover and connect to pods running within a Deployment. Applications can scale, load balance, and seamlessly handle changes in the underlying pod instances. Access to Deployments is sensitive because they are a primary interface for controlling applications running on Kubernetes. A Deployment specifies the container image to run, and may lead to arbitrary code execution in the cluster. A good mitigation strategy is to make Kubernetes clusters private, which effectively disables pulling images over the internet. Binary Authorization in GKE is an additional layer of security to defend against supply chain attacks. Secondly, creating or updating the replica count of Deployments drains the limited resources available to other Kubernetes workloads.

container.​deployments.​delete

Deleting a Deployment deletes its pods and ephemeral volumes. Persistent Volumes attached to the Deployment are left intact. Logs of the deleted pods disappear permanently when the pods shut down, unless they are exported to an external system for persistence.

Risks

  1. Infrastructure destruction (HIGH)
  2. Logs destruction (EVASION)

Scope: CRITICAL

This privilege may grant access to sensitive data from a significant fraction of organizational functions, allow interruption of critical organizational services, or its exploit could lead to significant privilege escalation.

Links

  • https:​/​/​cloud.​google.​com/​kubernetes-​engine/​docs/​how-​to/​private-​clusters#​pulling_​images
  • https:​/​/​cloud.​google.​com/​binary-​authorization/​docs/​setting-​up

    • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog