Here's a simple test:
`kubectl exec -it` a pod:
```sh
curl -k --fail https://ingress-nginx-controller-admission.ingress-nginx.svc...
```
If you see 400 Bad Request, that means this pod has access to the admission controller.
How easy would it be to find an avenue to make a request to the admission controller for anything running on your k8s cluster? (maybe your service takes any kind of URL and makes a request on your server...there's infinite possibilities of exploiting this.)
I am rethinking my choice in using ingress-nginx entirely, perhaps it's time to find a simpler solution that has more secure defaults.
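The reachability check the comment above describes, written up as a repeatable script together with the NetworkPolicy that closes the gap. This is an added example, not code from the commenter or from the ingress-nginx project. It assumes a standard ingress-nginx install (namespace `ingress-nginx`, controller pods labelled `app.kubernetes.io/name=ingress-nginx` and `app.kubernetes.io/component=controller`, webhook on container port 8443, `curl` present in the probed pod) and a CNI that enforces NetworkPolicy; `CONTROL_PLANE_CIDR` is a placeholder you must replace with the subnet your API server connects from.

```shell
#!/usr/bin/env bash
# Added example: probe whether a pod can reach the ingress-nginx admission
# webhook, and restrict that webhook port to the control plane.
# All names below are assumptions about a default ingress-nginx install.
set -u

WEBHOOK_URL="https://ingress-nginx-controller-admission.ingress-nginx.svc/networking/v1/ingresses"
CONTROL_PLANE_CIDR="${CONTROL_PLANE_CIDR:-10.0.0.0/24}"   # placeholder, replace for your cluster

# Interpret a curl result. Any HTTP response at all (400 included) proves the
# pod reached the webhook; a transport-level failure means it was blocked.
#   $1 = curl exit code, $2 = HTTP status printed by -w '%{http_code}' (000 if none)
classify_reachability() {
  local rc="$1" code="$2"
  if [ "$rc" -eq 0 ] && [ "$code" != "000" ]; then
    echo "REACHABLE"        # webhook answered, pod is on the attack path
  elif [ "$rc" -eq 6 ] || [ "$rc" -eq 7 ] || [ "$rc" -eq 28 ]; then
    echo "BLOCKED"          # DNS failure / connection refused / timeout
  else
    echo "UNKNOWN"          # curl missing in the pod, exec failure, etc.
  fi
}

# Run the probe from inside an arbitrary workload pod.
#   $1 = namespace, $2 = pod name
probe_from_pod() {
  local code rc
  code=$(kubectl exec -n "$1" "$2" -- \
           curl -sk -o /dev/null -m 5 -w '%{http_code}' "$WEBHOOK_URL" 2>/dev/null)
  rc=$?
  classify_reachability "$rc" "${code:-000}"
}

# Mitigation: keep the proxy ports open to everyone, but only let the
# control-plane subnet talk to the admission webhook port (8443).
# NetworkPolicy ports are container ports, not Service ports.
apply_webhook_policy() {
  kubectl apply -f - <<EOF
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: restrict-admission-webhook
  namespace: ingress-nginx
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/name: ingress-nginx
      app.kubernetes.io/component: controller
  policyTypes: ["Ingress"]
  ingress:
    - ports:                      # normal ingress traffic stays reachable
        - port: 80
        - port: 443
    - from:                       # webhook only from the API server's subnet
        - ipBlock:
            cidr: ${CONTROL_PLANE_CIDR}
      ports:
        - port: 8443
EOF
}

# Usage: bash webhook-check.sh <namespace> <pod>        -> prints REACHABLE/BLOCKED
#        bash webhook-check.sh <namespace> <pod> --fix  -> also applies the policy
if [ "$#" -ge 2 ]; then
  echo "before: $(probe_from_pod "$1" "$2")"
  if [ "${3:-}" = "--fix" ]; then
    apply_webhook_policy
    echo "after:  $(probe_from_pod "$1" "$2")"
  fi
fi
```

Re-run the probe after applying the policy; it should flip from REACHABLE to BLOCKED. If it does not, the CNI is not enforcing NetworkPolicy, or the API server reaches the webhook from an address outside the CIDR you set, in which case widen the `ipBlock` rather than dropping the rule.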