Scenario #236
Security
K8s v1.21, AWS EKS
Misconfigured Admission Controllers Allowing Insecure Resources
Admission controllers were misconfigured, allowing the creation of insecure or non-compliant resources.
What Happened
Admission controllers were either not enabled or misconfigured, allowing users to create resources without enforcing security standards, such as running containers with privileged access or without required security policies.
Diagnosis Steps
1. Reviewed the admission controller configuration and found that key controllers like PodSecurityPolicy and LimitRanger were either disabled or misconfigured.
2. Audited resources and found that insecure pods were being created without restrictions.
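The audit in step 2, as an added example that is not part of the original scenario: an offline check of pod manifests for the conditions a restrictive PodSecurityPolicy (privileged containers, host namespaces, privilege escalation, root users) and a LimitRange (missing CPU/memory limits) would otherwise enforce at admission time. The pod specs below are constructed samples, not from the affected cluster.

```python
# Added example: offline audit for what a restrictive PSP and a LimitRange would block at admission.

HOST_NAMESPACE_FLAGS = ("hostPID", "hostNetwork", "hostIPC")
REQUIRED_LIMITS = ("cpu", "memory")

def audit_pod(pod):
    """Return a list of human-readable violations for one pod manifest (dict)."""
    name = pod.get("metadata", {}).get("name", "<unnamed>")
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext") or {}
    findings = []
    # Host namespace sharing: a PSP with hostPID/hostNetwork/hostIPC set to false rejects these.
    for flag in HOST_NAMESPACE_FLAGS:
        if spec.get(flag):
            findings.append(f"{name}: shares host namespace ({flag})")
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        cname = c.get("name", "<unnamed>")
        sc = c.get("securityContext") or {}
        if sc.get("privileged"):
            findings.append(f"{name}/{cname}: privileged container")
        # allowPrivilegeEscalation defaults to true when unset, so require an explicit false.
        if sc.get("allowPrivilegeEscalation", True):
            findings.append(f"{name}/{cname}: allowPrivilegeEscalation not disabled")
        # runAsNonRoot may be set at pod or container level; the container setting wins.
        if not sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot", False)):
            findings.append(f"{name}/{cname}: not required to run as non-root")
        # LimitRanger enforces or defaults limits; without them a container has no resource ceiling.
        limits = (c.get("resources") or {}).get("limits") or {}
        for res in REQUIRED_LIMITS:
            if res not in limits:
                findings.append(f"{name}/{cname}: no {res} limit")
    return findings

def audit_pods(pods):
    """Map each pod name to its violations; an empty list means the pod is compliant."""
    return {p["metadata"]["name"]: audit_pod(p) for p in pods}

# Constructed sample manifests: one insecure debug pod, one compliant web pod.
SAMPLE_PODS = [
    {"metadata": {"name": "debug-shell"},
     "spec": {"hostPID": True,
              "containers": [{"name": "sh", "image": "busybox",
                              "securityContext": {"privileged": True}}]}},
    {"metadata": {"name": "web"},
     "spec": {"securityContext": {"runAsNonRoot": True},
              "containers": [{"name": "nginx", "image": "nginx",
                              "securityContext": {"allowPrivilegeEscalation": False},
                              "resources": {"limits": {"cpu": "500m", "memory": "256Mi"}}}]}},
]
```

Calling `audit_pods(SAMPLE_PODS)` reports six violations for `debug-shell` and none for `web`; in a live cluster the same function can be fed the items from `kubectl get pods -A -o json`.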
Root Cause
Misconfigured or missing admission controllers allowed insecure resources to be deployed.
Fix/Workaround
• Enabled and properly configured necessary admission controllers, such as PodSecurityPolicy and LimitRanger, to enforce security policies during resource creation.
• Regularly audited resource creation and applied security policies to avoid insecure configurations.
Lessons Learned
Admission controllers are essential for enforcing security standards and preventing insecure resources from being created.
How to Avoid
1. Ensure that key admission controllers are enabled and configured correctly.
2. Regularly audit the use of admission controllers and enforce best practices for security policies.