Scenario #211
Security
K8s v1.22, AWS EKS

Insecure Default Namespace Leading to Unauthorized Access

Unauthorized users gained access to resources in the default namespace due to lack of namespace isolation.

What Happened

Users without explicit permissions accessed and modified resources in the default namespace because the default namespace was not protected by network policies or RBAC rules.

Diagnosis Steps
  1. Checked RBAC policies and confirmed that users had access to resources in the default namespace.
  2. Inspected network policies and found no restrictions on traffic to/from the default namespace.
Root Cause

Insufficient access control on the default namespace allowed unauthorized access.

Fix/Workaround
• Restricted access to the default namespace using RBAC and network policies.
• Created separate namespaces for different workloads and applied appropriate isolation policies.
Lessons Learned

Avoid using the default namespace for critical resources and ensure that proper access control and isolation are in place.

How to Avoid
  1. Use dedicated namespaces for different workloads with appropriate RBAC and network policies.
  2. Regularly audit namespace access and policies.
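
The two diagnosis checks above, and the recurring audit recommended here, can be scripted over exported cluster objects. The following is an added example, not part of the original scenario: `SAMPLE`, `audit_namespace` and every object name in it are constructed for illustration, and the input is assumed to be a list of objects in the shape `kubectl get <kind> -o json` returns under `items`.

```python
import json

WRITE_VERBS = {"create", "update", "patch", "delete", "deletecollection", "*"}

# Constructed sample objects, shaped like the "items" of `kubectl get <kind> -o json`.
SAMPLE = [
    {"kind": "ClusterRole", "metadata": {"name": "edit-all"},
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
    {"kind": "Role", "metadata": {"name": "viewer", "namespace": "default"},
     "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list"]}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "everyone-edit"},
     "roleRef": {"kind": "ClusterRole", "name": "edit-all"},
     "subjects": [{"kind": "Group", "name": "system:authenticated"}]},
    {"kind": "RoleBinding", "metadata": {"name": "dev-view", "namespace": "default"},
     "roleRef": {"kind": "Role", "name": "viewer"},
     "subjects": [{"kind": "User", "name": "dev@example.com"}]},
    {"kind": "NetworkPolicy", "metadata": {"name": "default-deny", "namespace": "team-a"},
     "spec": {"podSelector": {}, "policyTypes": ["Ingress"]}},
]

def audit_namespace(items, ns="default"):
    """Return (subjects bound to write verbs in ns, whether ns has default-deny ingress)."""
    # Index rules by (kind, namespace, name); a ClusterRole has no namespace.
    roles = {(i["kind"], i["metadata"].get("namespace"), i["metadata"]["name"]):
             i.get("rules") or [] for i in items if i["kind"] in ("Role", "ClusterRole")}
    writers = set()
    for b in items:
        # A ClusterRoleBinding applies in every namespace, including ns.
        if not (b["kind"] == "ClusterRoleBinding" or
                (b["kind"] == "RoleBinding" and b["metadata"].get("namespace") == ns)):
            continue
        ref = b["roleRef"]
        key = (ref["kind"], ns if ref["kind"] == "Role" else None, ref["name"])
        # Coarse check: any write verb counts, whatever resource it is granted on.
        if WRITE_VERBS & {v for r in roles.get(key, []) for v in r.get("verbs", [])}:
            writers |= {(s["kind"], s["name"], b["metadata"]["name"])
                        for s in b.get("subjects") or []}
    # Default-deny ingress: a policy in ns selecting all pods with no allow rules.
    deny = any(i["kind"] == "NetworkPolicy" and i["metadata"].get("namespace") == ns
               and not i["spec"].get("podSelector") and not i["spec"].get("ingress")
               and "Ingress" in i["spec"].get("policyTypes", ["Ingress"]) for i in items)
    return sorted(writers), deny

if __name__ == "__main__":
    print(json.dumps(audit_namespace(SAMPLE), indent=2))
```

On the constructed sample, the report names the cluster-wide binding that gives every authenticated user write access in `default`, and shows that only `team-a` has a default-deny policy.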