services / Google Cloud / Endpoints

A Kubernetes endpoint is a mapping of an IP address and a port to a target reference, typically a Pod. The same IP and port may map to multiple Pods to describe a load-balancing scheme.

Typically, endpoints are not managed directly: they are a lower-level abstraction managed by a Service object. Endpoint slices are a newer addition to Kubernetes and serve the same purpose as endpoints; however, they split the potentially large Endpoints object of a Service into multiple smaller slices, reducing network traffic between nodes when Pods are updated.


container.endpoints.create

Creating an endpoint slice may open up access to Pods from the public Internet.
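The two properties described above (endpoint slices are normally written only by the EndpointSlice controller, and their addresses should belong to Pods selected by the owning Service) give a defender a simple audit. The script below is an added example, not part of the IAM Privilege Catalog entry or of any P0 Security tooling: it walks EndpointSlice objects in the shape that `kubectl get endpointslices -A -o json` prints and flags slices that lack the controller's `endpointslice.kubernetes.io/managed-by` label or that carry addresses the cluster does not know as Pod IPs. The two slices and the Pod IP set embedded in it are constructed sample data.

```python
"""Audit EndpointSlice objects for entries not produced by the EndpointSlice
controller or pointing outside the cluster's known Pods.

Added example, not part of the catalog entry. Input is the JSON shape of
`kubectl get endpointslices -A -o json`; the sample objects are constructed.
"""
from dataclasses import dataclass

# Real label keys written by the Kubernetes EndpointSlice controller.
MANAGED_BY_LABEL = "endpointslice.kubernetes.io/managed-by"
CONTROLLER_NAME = "endpointslice-controller.k8s.io"
SERVICE_LABEL = "kubernetes.io/service-name"


@dataclass(frozen=True)
class Finding:
    namespace: str
    slice_name: str
    service: str
    reason: str


def audit_endpoint_slices(slices, known_pod_ips):
    """Return a list of Findings for suspicious EndpointSlices.

    slices:        list of EndpointSlice objects (dicts as returned by the API)
    known_pod_ips: set of Pod IPs currently known to the cluster
    """
    findings = []
    for es in slices:
        meta = es.get("metadata", {})
        labels = meta.get("labels", {})
        ns = meta.get("namespace", "")
        name = meta.get("name", "")
        svc = labels.get(SERVICE_LABEL, "<none>")

        # 1. Controller-managed slices always carry the managed-by label; a
        #    slice without it was written by some other principal holding a
        #    create permission on endpoints/endpointslices.
        if labels.get(MANAGED_BY_LABEL) != CONTROLLER_NAME:
            findings.append(Finding(
                ns, name, svc,
                f"not managed by controller (managed-by={labels.get(MANAGED_BY_LABEL)!r})"))

        # 2. Every address should belong to a Pod the cluster knows about and
        #    name that Pod in targetRef; anything else routes Service traffic
        #    to an unexpected backend.
        for ep in es.get("endpoints", []):
            for addr in ep.get("addresses", []):
                if addr not in known_pod_ips:
                    findings.append(Finding(
                        ns, name, svc,
                        f"address {addr} does not match any known Pod IP"))
            ref = ep.get("targetRef")
            if ref is None or ref.get("kind") != "Pod":
                findings.append(Finding(
                    ns, name, svc, "endpoint has no Pod targetRef"))
    return findings


# Constructed sample input: one normal slice and one hand-written slice that
# attaches extra backends to the same "web" Service.
SAMPLE_SLICES = [
    {
        "metadata": {"name": "web-abc12", "namespace": "shop",
                     "labels": {MANAGED_BY_LABEL: CONTROLLER_NAME,
                                SERVICE_LABEL: "web"}},
        "endpoints": [{"addresses": ["10.8.1.5"],
                       "targetRef": {"kind": "Pod", "name": "web-0"}}],
    },
    {
        "metadata": {"name": "web-manual", "namespace": "shop",
                     "labels": {SERVICE_LABEL: "web"}},
        "endpoints": [{"addresses": ["10.8.2.9"],
                       "targetRef": {"kind": "Pod", "name": "billing-db-0"}},
                      {"addresses": ["203.0.113.7"]}],
    },
]
SAMPLE_POD_IPS = {"10.8.1.5", "10.8.2.9"}  # constructed: Pod IPs the cluster knows


if __name__ == "__main__":
    for f in audit_endpoint_slices(SAMPLE_SLICES, SAMPLE_POD_IPS):
        print(f"{f.namespace}/{f.slice_name} (service {f.service}): {f.reason}")
```

Against the sample the controller-managed slice yields nothing, while the hand-written `web-manual` slice produces three findings: it is not controller-managed, the address 203.0.113.7 is not a Pod IP, and that endpoint has no Pod targetRef. Note that the slice's first endpoint, which points a public Service at the known Pod `billing-db-0`, is caught only by the managed-by check, which is why the label check matters even when every address looks internal. In a real cluster the known Pod IP set would come from `kubectl get pods -A -o json`.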

Risks

Scope: MEDIUM

This privilege may grant access to confidential data, or its exploitation may incur operational cost.

Links

  • https://kubernetes.io/docs/concepts/services-networking/endpoint-slices/
  • https://kubernetes.io/blog/2020/09/02/scaling-kubernetes-networking-with-endpointslices/
  • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog