DZone

If you’re using Kubernetes, you understand the importance of the API server. Described as “the core of Kubernetes’ control plane” in the platform’s own documentation, the API server is the channel through which users, cluster components, and external components communicate with each other. Every one of those interactions is a REST API call that the API server handles. Kubernetes likewise treats everything it manages as an API object, as its documentation notes elsewhere, so administrators use the API to manipulate the state of pods, namespaces, and other API objects.

This central role makes it imperative for administrators to keep the API locked down. To do that, they need to recognize that the API server is reachable on every deployment by design, because it is the management interface. With this default configuration, an unauthenticated actor can interact with a publicly exposed Kubernetes cluster and tamper with what the server considers a valid request. They could then change settings and configure the API to approve requests in a way that allows malicious activity, such as connecting to or downloading files from suspicious websites.
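As an added illustration of what “locked down” means in practice (this script is not from the DZone article or from the Kubernetes project), the POSIX shell snippet below audits the kube-apiserver command line for two settings that decide whether an unauthenticated caller gets anywhere: `--anonymous-auth`, which controls whether requests without credentials are mapped to the `system:anonymous` user, and `--authorization-mode`, where `AlwaysAllow` would approve any request that reaches the authorizer. Both flags are real kube-apiserver flags; the two manifests are constructed sample input modelled on the static-pod manifest that kubeadm writes to `/etc/kubernetes/manifests/kube-apiserver.yaml` (that path is an assumption about how the cluster was built). The audit functions take the manifest text as an argument so they can run against a file read from a control-plane node just as well as against the samples.

```shell
#!/bin/sh
# Added example: audit kube-apiserver flags in a static pod manifest.
# Not part of the DZone article or the Kubernetes project.

# Constructed sample: a weak configuration (anonymous callers accepted,
# authorizer approves everything).
WEAK_MANIFEST='apiVersion: v1
kind: Pod
metadata:
  name: kube-apiserver
spec:
  containers:
  - command:
    - kube-apiserver
    - --anonymous-auth=true
    - --authorization-mode=AlwaysAllow
    - --secure-port=6443'

# Constructed sample: the hardened counterpart (anonymous auth off,
# Node and RBAC authorizers only).
HARDENED_MANIFEST='apiVersion: v1
kind: Pod
metadata:
  name: kube-apiserver
spec:
  containers:
  - command:
    - kube-apiserver
    - --anonymous-auth=false
    - --authorization-mode=Node,RBAC
    - --secure-port=6443'

# Return 0 if the manifest explicitly disables anonymous authentication.
anonymous_auth_disabled() {
  printf '%s\n' "$1" | grep -q -- '--anonymous-auth=false'
}

# Return 0 if an authorization mode is set and it does not include
# AlwaysAllow; return 1 when the flag is absent or permissive.
authz_mode_restrictive() {
  mode=$(printf '%s\n' "$1" | sed -n 's/.*--authorization-mode=\([^ ]*\).*/\1/p')
  [ -n "$mode" ] || return 1
  case "$mode" in
    *AlwaysAllow*) return 1 ;;
  esac
  return 0
}

# Run both checks, print one line per finding, and return 0 only when
# the manifest passes everything.
audit_manifest() {
  findings=0
  anonymous_auth_disabled "$1" || {
    echo "FINDING: --anonymous-auth=false is not set; unauthenticated requests are accepted"
    findings=$((findings + 1))
  }
  authz_mode_restrictive "$1" || {
    echo "FINDING: --authorization-mode is missing or includes AlwaysAllow"
    findings=$((findings + 1))
  }
  [ "$findings" -eq 0 ]
}

# Usage: audit the samples; on a real node you would pass
#   "$(cat /etc/kubernetes/manifests/kube-apiserver.yaml)"  (assumed path)
echo "== weak manifest =="
audit_manifest "$WEAK_MANIFEST" || echo "result: NOT hardened"
echo "== hardened manifest =="
audit_manifest "$HARDENED_MANIFEST" && echo "result: hardened"
```

Passing these two checks is necessary rather than sufficient: with anonymous auth enabled, what an anonymous caller can actually do is decided by the RBAC bindings granted to `system:anonymous` and `system:unauthenticated`, so the manifest audit should be paired with a review of those bindings and of which networks can reach the secure port at all.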

Source: DZone