I found a CI runner service account with the bind verb on ClusterRoles. Three commands later I was cluster-admin, reading secrets across every namespace.

In this episode I'll show you:
• The exact 3-command privilege escalation — live in a real cluster
• Why bind, escalate, and impersonate are the three most dangerous verbs in Kubernetes
• The jq one-liner to audit who actually has cluster-admin in your cluster right now
• How to lock down your CI service accounts to least privilege
• The before/after ClusterRole YAML you can copy directly

All commands and YAML shown in the video are in the script linked below.

─────────────────────────────────────────────
🔥 Practice this yourself with Mayhem — free K8s incident simulator: github.com/devops-with-kosa/mayhem-k8s
📺 Subscribe for new episodes every week @devopswithkosa
─────────────────────────────────────────────

#Kubernetes #KubernetesSecurity #CKS #RBAC #DevSecOps #K8s #CloudSecurity #DevOps #SRE #CKSExam #PrivilegeEscalation
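The audit the episode describes, as an added example that is not the video's jq one-liner or anything from the linked script: it runs the same two checks (who is bound to cluster-admin, and which ClusterRoles grant bind, escalate or impersonate) in Python over constructed JSON in the shape `kubectl get clusterrolebindings -o json` and `kubectl get clusterroles -o json` return. The binding and role names (ci-runner, ci-deployer, view-only) are hypothetical.

```python
import json

DANGEROUS_VERBS = {"bind", "escalate", "impersonate"}

# Constructed sample shaped like `kubectl get clusterrolebindings -o json` (hypothetical names, not from the video).
SAMPLE_BINDINGS = json.loads("""{"items": [
 {"metadata": {"name": "cluster-admin"},
  "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
  "subjects": [{"kind": "Group", "name": "system:masters"}]},
 {"metadata": {"name": "ci-runner-admin"},
  "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
  "subjects": [{"kind": "ServiceAccount", "name": "ci-runner", "namespace": "ci"}]},
 {"metadata": {"name": "ci-runner-deploy"},
  "roleRef": {"kind": "ClusterRole", "name": "ci-deployer"},
  "subjects": [{"kind": "ServiceAccount", "name": "ci-runner", "namespace": "ci"}]}]}""")

# Constructed sample shaped like `kubectl get clusterroles -o json`.
SAMPLE_ROLES = json.loads("""{"items": [
 {"metadata": {"name": "ci-deployer"}, "rules": [
   {"apiGroups": ["apps"], "resources": ["deployments"], "verbs": ["get", "list", "update"]},
   {"apiGroups": ["rbac.authorization.k8s.io"], "resources": ["clusterroles"], "verbs": ["bind"]}]},
 {"metadata": {"name": "view-only"}, "rules": [
   {"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list"]}]}]}""")

def cluster_admin_subjects(bindings):
    """Return 'Kind/namespace/name' for every subject bound to the cluster-admin ClusterRole."""
    out = []
    for b in bindings["items"]:
        ref = b.get("roleRef", {})
        if ref.get("kind") == "ClusterRole" and ref.get("name") == "cluster-admin":
            for s in b.get("subjects", []):  # a binding may have no subjects at all
                out.append(f"{s['kind']}/{s.get('namespace', '-')}/{s['name']}")
    return sorted(out)

def roles_with_dangerous_verbs(roles):
    """Map ClusterRole name -> escalation-capable verbs it grants ('*' counts as all three)."""
    found = {}
    for r in roles["items"]:
        verbs = set()
        for rule in r.get("rules", []):
            rv = set(rule.get("verbs", []))
            verbs |= DANGEROUS_VERBS if "*" in rv else rv & DANGEROUS_VERBS
        if verbs:
            found[r["metadata"]["name"]] = sorted(verbs)
    return found

if __name__ == "__main__":
    print("cluster-admin subjects:", cluster_admin_subjects(SAMPLE_BINDINGS))
    print("roles granting bind/escalate/impersonate:", roles_with_dangerous_verbs(SAMPLE_ROLES))
```

Against a live cluster, feed the two functions the parsed output of the kubectl commands named in the comments; any ServiceAccount in the first list, or any non-admin role in the second, is a finding to review.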