The IAM Privilege Catalogservices / Google Cloud / Kubernetes Engine Namespaces
Namespaces isolate resources within a Kubernetes cluster. This is a logical isolation, that allows you to group and segregate resources like Pods, Services, Deployments. Kubernetes role-based access control (RBAC) defines Roles and ClusterRoles. The former is scoped to a specific namespaces, meaning Roles only grant permissions within the scope of one namespace.
container.namespaces.update
Allows editing the finalizers array. See `container.namespaces.finalize` permission.
Risks
Scope: LOW
This privilege allows access to data that are not meant to be public, but are otherwise not sensitive.
Links
Contributed by P0 Security
© 2023–present P0 Security and contributors to the IAM Privilege Catalog