services / Google Cloud / BackendConfig custom resource definition for Google Kubernetes Engine

BackendConfig objects are reusable configurations for Kubernetes Service objects. BackendConfigs set the destination Service for incoming requests, thus they pertain to external-to-internal communications. Other ingress parameters of a BackendConfig include service response timeout, Cloud CDN, HTTP access logging, Session Affinity.

Backend Config is a piece of reusable configuration for an Ingress object. A BackendConfig does not take effect unless it is associated with an Ingress object.

container.​backendConfigs.​delete

BackendConfigs that are associated with a Service can be deleted without first removing the reference to them. Access to a Service can be disrupted by deleting a BackendConfig that is associated with a Service.

Risks

1. Network destruction (HIGH)

Scope: CRITICAL

This privilege may grant access to sensitive data from a significant fraction of organizational functions, allow interruption of critical organizational services, or its exploit could lead to significant privilege escalation.