Language: terraform
Severity: medium
Vulnerability Type: misconfiguration

Description

User pods are deployed into the kube-system namespace, which is reserved for critical Kubernetes system components. This practice can lead to mixing user workloads with core infrastructure resources, increasing risk and complexity.

Impact

Placing user pods in the kube-system namespace could allow accidental or malicious interference with essential cluster services, potentially leading to cluster instability, privilege escalation, or denial of service affecting the entire Kubernetes environment.

Resolution

Deploy the user pods into a designated namespace other than kube-system.
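
The misconfiguration and its fix side by side, as an added example that is not taken from the original page. It assumes the Terraform Kubernetes provider is already configured; the resource names, namespace name and image reference are hypothetical placeholders.

```terraform
# Non-compliant: a user workload placed in the reserved kube-system namespace,
# next to core cluster components.
resource "kubernetes_pod" "app_in_system_ns" {
  metadata {
    name      = "example-app" # hypothetical workload name
    namespace = "kube-system"
  }

  spec {
    container {
      name  = "app"
      image = "registry.example.com/example-app:1.0.0" # placeholder image
    }
  }
}

# Compliant: create a dedicated namespace for user workloads ...
resource "kubernetes_namespace" "apps" {
  metadata {
    name = "example-apps" # hypothetical namespace name
  }
}

# ... and reference it from the pod, so the pod cannot be created in
# kube-system and Terraform orders the namespace before the pod.
resource "kubernetes_pod" "app" {
  metadata {
    name      = "example-app"
    namespace = kubernetes_namespace.apps.metadata[0].name
  }

  spec {
    container {
      name  = "app"
      image = "registry.example.com/example-app:1.0.0" # placeholder image
    }
  }
}
```

Referencing the namespace resource instead of repeating a string literal keeps the pod's namespace tied to the dedicated one if it is later renamed.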