services / Google Cloud / Kubernetes Engine Nodes

Nodes are physical or virtual machines that serve as a worker in the cluster. Nodes provide the underlying pool of CPU, memory, storage, and network connectivity resources for running containers and other tasks assigned by the control plane.

Kubernetes Engine can be configured in multiple ways, and the configuration has a significant impact on Node security. In general, nodes should not be publicly accessible, block ssh access if possible (already enforced in AutoPilot mode), isolation between containers running on the same node, isolation between the host operating system on the node and the workload running inside a container, performing timely upgrades of the node OS, Kubernetes, and the container runtime.


Deleting a node immediately destroys all workloads running on it. This is an unsafe action and is likely to disrupt normal operations. Instead, a node can be cordoned to prevent new pods from being scheduled on it. Cordoning requires the `container.nodes.update` permission. To safely move workloads to other nodes, the node must be drained. The `kubectl drain` command uses listing commands (list pods, replicasets, daemonsets, etc.), and the `container.pods.evict` permission.



This privilege may grant access to sensitive data from a significant fraction of organizational functions, allow interruption of critical organizational services, or its exploit could lead to significant privilege escalation.


  • https:​/​/​kubernetes.​io/​docs/​concepts/​architecture/​nodes/​
  • https:​/​/​cloud.​google.​com/​kubernetes-​engine/​docs/​concepts/​security-​overview
  • https:​/​/​kubernetes.​io/​docs/​concepts/​architecture/​nodes/​#​manual-​node-​administration
  • https:​/​/​kubernetes.​io/​docs/​tasks/​administer-​cluster/​safely-​drain-​node/​
  • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog