
3 posts tagged with "Kubernetes"


Kubernetes pods/exec

· 8 min read


pods/exec is a convenient way to execute commands inside a container for debugging and administration. But here's a challenge right off the bat: how safe do you think the following Kubernetes role is — one that could be granted to any user, assuming the absurd scenario that the Secret resource is not used in the cluster?

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: test-role
rules:
  - apiGroups: [""]
    resources: ["*"]
    verbs: ["get"]

If you answered "safe," you're not alone — and you would have granted pods/exec access to any user in the cluster, provided you also created a ClusterRoleBinding on top of it.

Kubernetes Audit

· 14 min read


Continuing the Kubernetes article series in a new format.

Kubernetes exposes a powerful interface over gRPC and a REST API, but securing it and protecting it against unauthorized access takes significant effort. One of the key tools for this is the audit system, which lets you track all actions in the cluster. In this article, we will cover the basics of configuring auditing in Kubernetes, its capabilities, and configuration examples that will help you build an effective audit policy for your cluster.


Kubernetes The Hard Way

· 13 min read


Resuming the Kubernetes article series in a new format.

This article describes the overall experience of manually deploying Kubernetes without using automated tools such as kubeadm. The presented approach is consistent with our documentation, which we maintain according to best practices and IaC methodologies.

All configuration provided below exactly replicates the behavior of kubeadm. As a result, it is hard to tell whether the final cluster was assembled using kubeadm or manually.
