API Services provide a way to advertise a Kubernetes API that is implemented across multiple versions of Kubernetes. They are used to register and expose APIs for Kubernetes extensions and custom resources. They also provide a way to specify the resource schema for a custom resource, which enables client-side validation and discovery of resources.

API Services can be used to track the availability and health of API servers and extensions in the cluster. For custom resources, insecureSkipTLSVerify can be set to true, which allows unauthenticated communication with the custom resource's endpoints.
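
The check below is an added example, not part of the catalog entry or any P0 Security code. It audits the JSON printed by kubectl get apiservices -o json and reports every APIService that has insecureSkipTLSVerify set to true on a service backend or whose Available condition is not True. The sample list, including its names and namespaces, is constructed.

```python
import json

# Constructed sample: trimmed output of `kubectl get apiservices -o json`.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "v1.apps"},
   "spec": {"group": "apps", "version": "v1"},
   "status": {"conditions": [{"type": "Available", "status": "True", "reason": "Local"}]}},
  {"metadata": {"name": "v1beta1.metrics.example.com"},
   "spec": {"group": "metrics.example.com", "version": "v1beta1",
            "service": {"namespace": "monitoring", "name": "metrics-adapter"},
            "insecureSkipTLSVerify": true},
   "status": {"conditions": [{"type": "Available", "status": "True", "reason": "Passed"}]}},
  {"metadata": {"name": "v1alpha1.widgets.example.com"},
   "spec": {"group": "widgets.example.com", "version": "v1alpha1",
            "service": {"namespace": "widgets", "name": "widgets-api"}},
   "status": {"conditions": [{"type": "Available", "status": "False",
                              "reason": "MissingEndpoints"}]}}
]}
""")


def audit_apiservices(api_service_list):
    """Return one finding dict per APIService that needs attention."""
    findings = []
    for item in api_service_list.get("items", []):
        name = item["metadata"]["name"]
        spec = item.get("spec", {})
        service = spec.get("service")  # absent when kube-apiserver serves the API itself
        issues = []
        # TLS verification only matters when requests are proxied to a backing service.
        if service and spec.get("insecureSkipTLSVerify", False):
            issues.append("insecureSkipTLSVerify=true")
        conditions = item.get("status", {}).get("conditions", [])
        available = next((c for c in conditions if c.get("type") == "Available"), None)
        if available is None or available.get("status") != "True":
            reason = available.get("reason", "unknown") if available else "no condition"
            issues.append(f"unavailable ({reason})")
        if issues:
            backend = f'{service["namespace"]}/{service["name"]}' if service else "local"
            findings.append({"name": name, "backend": backend, "issues": issues})
    return findings


if __name__ == "__main__":
    for f in audit_apiservices(SAMPLE):
        print(f'{f["name"]} -> {f["backend"]}: {", ".join(f["issues"])}')
```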


container.apiServices.delete

Only API Services that expose custom CRDs can be deleted. API Services automanaged by Kubernetes, such as the core v1, apps/v1, batch/v1, and extensions/v1beta1 APIs, cannot be deleted or modified.

Risks

Scope: MEDIUM

This privilege may grant access to confidential data, or its exploitation can incur operational cost.

Contributed by P0 Security

© 2023–present P0 Security and contributors to the IAM Privilege Catalog