services / Google Cloud / Namespaces

Namespaces isolate resources within a Kubernetes cluster. This is a logical isolation, that allows you to group and segregate resources like Pods, Services, Deployments. Kubernetes role-based access control (RBAC) defines Roles and ClusterRoles. The former is scoped to a specific namespaces, meaning Roles only grant permissions within the scope of one namespace.


container.​namespaces.​delete

Deleting a namespace also deletes all other Kubernetes resources inside it.

Risks

Scope: CRITICAL

This privilege may grant access to sensitive data from a significant fraction of organizational functions, allow interruption of critical organizational services, or its exploit could lead to significant privilege escalation.

Links

  • https:​/​/​kubernetes.​io/​docs/​concepts/​overview/​working-​with-​objects/​namespaces/​
  • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog