services / Google Cloud / Endpoint Slice

A Kubernetes endpoint slice contains up to 100 mapping entries from an IP address and a port to target reference, mostly a Pod. The same IP and port may map to multiple Pods to describe a load balancing scheme.

Typically endpoint slices are not managed directly. Endpoint slices are a lower-level abstraction managed by a Service object. Endpoint slices are a newer addition to Kubernetes, and serve the same purpose as endpoints. However, they slice the potentially large Endpoint object into multiple smaller slices for reduced network traffic between nodes when pods are updated.


Deleting an endpoint may partially or completely disrupt public access to Kubernetes Pods.



This privilege may grant access to confidential data, or its exploit can incur operational cost.


  • https:​/​/​kubernetes.​io/​docs/​concepts/​services-​networking/​service/​#​endpoints
  • https:​/​/​kubernetes.​io/​blog/​2020/​09/​02/​scaling-​kubernetes-​networking-​with-​endpointslices/​
  • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog