Threats in Kubernetes
Compromised accounts:
In cases where Kubernetes clusters are deployed in public clouds (such as Azure
Kubernetes Service (AKS) or Google Kubernetes Engine (GKE)), compromised cloud
credentials could lead to cluster takeover, as attackers who have access to
account credentials can get access to the cluster’s management layer.
Vulnerable or misconfigured images:
Images that are not rebuilt and updated regularly carry known vulnerabilities in
their packages and dependencies that can be exploited in malicious attacks, and
images that are misconfigured (for example, running as root or shipping
credentials inside the image) give an attacker an easier path onward once the
application is compromised.
Environment misconfigurations:
An attacker who reaches the Kubernetes API server, either because its management
interface is exposed or because authentication and authorization controls (such
as RBAC) are missing or overly permissive, could take down workloads, deploy
malicious containers, or hijack the entire cluster.
App-level attacks:
Applications running in the cluster could be exploited through typical web
application attacks, such as SQL injection, cross-site scripting, and remote
file inclusion; a foothold in a container is then the starting point for the
node-level attacks below.
Node-level attacks:
Attackers can gain initial access through nodes (the host machines that
containers run on) that run vulnerable code or software, expose management
interfaces such as SSH, or accept commands issued from the cloud control plane.
There is also the risk of pod (container) escape, where a compromised pod
provides access to the node or to other pods in the cluster.
Unauthorized traffic:
Insecure networking between the containers within the cluster, and between pods
and the outside world, exposes them to malicious traffic. By default Kubernetes
allows all pod-to-pod traffic, so unless a NetworkPolicy restricts it, a single
compromised pod can reach every other pod in the cluster.
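The environment misconfiguration, node-level attack, and unauthorized traffic
categories above can all be checked offline from the cluster's own manifests.
The following Python script is an added example written for this page; it is
not code from the original page or from any Kubernetes project. It assumes
manifests already parsed into Python dictionaries (the form `kubectl get <kind>
-o json` returns under `items`), and every manifest in it, including the weak
and hardened "debug" pods, is constructed for illustration rather than taken
from a real cluster.

```python
"""Offline audit of parsed Kubernetes manifests for the threat classes above.

Added example: manifests below are constructed for illustration, not taken from
any real cluster. Input is the parsed form of a manifest (what
`kubectl get <kind> -o json` returns under "items"), so no cluster and no YAML
library is needed.
"""

# Subjects that mean "everyone", including callers with no credentials at all.
PUBLIC_SUBJECTS = {"system:anonymous", "system:unauthenticated", "system:authenticated"}


def rbac_findings(docs):
    """Flag wildcard rules and full-access roles bound to public subjects."""
    docs = list(docs)
    findings = []
    full_access_roles = {"cluster-admin"}  # built-in superuser role
    for d in docs:  # first pass: which roles grant everything?
        if d.get("kind") in ("ClusterRole", "Role"):
            name = d["metadata"]["name"]
            for rule in d.get("rules", []):
                if "*" in rule.get("verbs", []) and "*" in rule.get("resources", []):
                    findings.append(f"{d['kind']}/{name}: wildcard verbs on wildcard resources")
                    full_access_roles.add(name)
    for d in docs:  # second pass: who is bound to them?
        if d.get("kind") in ("ClusterRoleBinding", "RoleBinding"):
            role = d["roleRef"]["name"]
            for subject in d.get("subjects", []):
                if subject.get("name") in PUBLIC_SUBJECTS:
                    scope = "full" if role in full_access_roles else "partial"
                    findings.append(f"{d['kind']}/{d['metadata']['name']}: grants {role} "
                                    f"to {subject['name']} ({scope} cluster access)")
    return findings


def pod_findings(pod):
    """Flag pod settings that turn a compromised container into node or API access."""
    spec, name, out = pod["spec"], pod["metadata"]["name"], []
    for field in ("hostPID", "hostNetwork", "hostIPC"):
        if spec.get(field):
            out.append(f"{name}: {field}=true shares a node namespace with the container")
    for vol in spec.get("volumes", []):
        if "hostPath" in vol:
            out.append(f"{name}: hostPath volume exposes node path {vol['hostPath']['path']}")
    for c in spec.get("containers", []):
        sc = c.get("securityContext", {})
        if sc.get("privileged"):
            out.append(f"{name}/{c['name']}: privileged container (full device and capability access)")
        if sc.get("allowPrivilegeEscalation", True):  # Kubernetes default is true
            out.append(f"{name}/{c['name']}: allowPrivilegeEscalation not set to false")
    if spec.get("automountServiceAccountToken", True):  # Kubernetes default is true
        out.append(f"{name}: service account token mounted; pod can call the API as its SA")
    return out


def namespaces_without_default_deny(docs, namespaces):
    """Return namespaces lacking a NetworkPolicy that selects all pods and denies by default."""
    covered = set()
    for d in docs:
        if d.get("kind") != "NetworkPolicy":
            continue
        spec = d["spec"]
        selector = spec.get("podSelector") or {}  # empty selector = every pod in the namespace
        selects_all = not selector.get("matchLabels") and not selector.get("matchExpressions")
        denies_all = (set(spec.get("policyTypes", [])) >= {"Ingress", "Egress"}
                      and not spec.get("ingress") and not spec.get("egress"))
        if selects_all and denies_all:
            covered.add(d["metadata"]["namespace"])
    return sorted(set(namespaces) - covered)


# Constructed sample manifests: an anonymous cluster-admin binding, a wildcard
# role, a least-privilege role, and a default-deny policy in only one namespace.
SAMPLE_DOCS = [
    {"kind": "ClusterRoleBinding", "metadata": {"name": "anon-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "User", "name": "system:anonymous"}]},
    {"kind": "ClusterRole", "metadata": {"name": "ops-all"},
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
    {"kind": "Role", "metadata": {"name": "pod-reader", "namespace": "app"},
     "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list"]}]},
    {"kind": "NetworkPolicy", "metadata": {"name": "default-deny", "namespace": "app"},
     "spec": {"podSelector": {}, "policyTypes": ["Ingress", "Egress"]}},
]

# A constructed "debug" pod with every node-escape vector, beside its hardened form.
WEAK_POD = {"kind": "Pod", "metadata": {"name": "debug"},
            "spec": {"hostPID": True,
                     "volumes": [{"name": "root", "hostPath": {"path": "/"}}],
                     "containers": [{"name": "shell", "image": "busybox",
                                     "securityContext": {"privileged": True}}]}}
HARDENED_POD = {"kind": "Pod", "metadata": {"name": "debug"},
                "spec": {"automountServiceAccountToken": False,
                         "containers": [{"name": "shell", "image": "busybox",
                                         "securityContext": {"privileged": False,
                                                             "allowPrivilegeEscalation": False,
                                                             "runAsNonRoot": True}}]}}

if __name__ == "__main__":
    for line in rbac_findings(SAMPLE_DOCS) + pod_findings(WEAK_POD):
        print("FINDING:", line)
    print("no default-deny in:", namespaces_without_default_deny(SAMPLE_DOCS, ["app", "payments"]))
    print("hardened pod findings:", pod_findings(HARDENED_POD))
```

Against a live cluster the same functions can be fed the `items` list from
`kubectl get clusterroles,clusterrolebindings,roles,rolebindings,networkpolicies -A -o json`
and `kubectl get pods -A -o json`. Two caveats: NetworkPolicy objects are only
enforced when the cluster's CNI plugin supports them, so a default-deny policy
that passes this check still does nothing on a CNI without policy support; and
the RBAC check only looks at direct bindings, so a public subject that gains
access through group membership or aggregated ClusterRoles is not caught here.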