services / Google Cloud / Frontend config custom resource definition for Google Kubernetes Engine

FrontendConfig objects configure two ingress features on Kubernetes Engine: 1) SSL proxy 2) HTTPS-to-HTTP redirect

FrontendConfig is a piece of reusable configuration for an Ingress object. A FrontendConfig does not take effect unless it is associated with an Ingress object via annotations.


An attacker may manipulate Ingress settings if they are also allowed to associate BackendConfig objects with Ingress objects using container.ingresses.update or container.ingresses.create permissions.


Scope: HIGH

This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.


  • https:​/​/​cloud.​google.​com/​kubernetes-​engine/​docs/​how-​to/​ingress-​configuration#​configuring_​ingress_​features_​through_​frontendconfig_​parameters
  • https:​/​/​cloud.​google.​com/​kubernetes-​engine/​docs/​how-​to/​ingress-​configuration#​associating_​frontendconfig_​with_​your_​ingress
  • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog