100% Free
🎯 3200+ Questions. One Goal: Your Success Sign In Sign Up

Why must RBAC roles be tightly scoped in multi-team clusters?

Expert Kubernetes
Quick Answer Broad RBAC roles (like cluster-admin) given to developer ServiceAccounts allow any Pod they deploy to read all secrets, modify any Deployment, or delete any resource cluster-wide. A compromised Pod becomes a cluster takeover. Tight scoping (namespace-scoped roles, specific verbs on specific resources) limits the blast radius of any compromised workload.

Answer

Poor scoping allows privilege escalation through rolebinding or secret edits.
S
SugharaIQ Editorial Team Verified Answer

This answer has been peer-reviewed by industry experts holding senior engineering roles to ensure technical accuracy and relevance for modern interview standards.

Bookmark Add to Set Notes

Want to bookmark, take notes, or join discussions?

Sign in to access all features and personalize your learning experience.

Sign In Create Account

Source: SugharaIQ

Related Questions in Kubernetes

(10 questions)
What problem does Kubernetes fundamentally solve compared to running containers manually?
What is a Kubernetes Cluster made of?
What is a Pod in Kubernetes and why isn’t a container scheduled directly?
What is the role of the Kubelet on every worker node?
Why does every Pod get its own IP address?
What is a Deployment used for?
What is the difference between a Deployment and a StatefulSet?
What is a Service in Kubernetes?
What does a ClusterIP Service do?
Why is a NodePort Service rarely used in production?
View All Kubernetes Questions
Ready to level up? Start Practice