Manage Leases in kube-system or kube-node-lease namespace

Overview

Field	Value
ID	1081
Name	Manage Leases in kube-system or kube-node-lease namespace
Risk Category	Tampering
Risk Level	Critical
Role Type	Role
API Groups	coordination.k8s.io
Resources	leases
Verbs	create, update, patch, delete
Tags	ControlPlaneDisruption CriticalNamespace DenialOfService Tampering

Description

Allows managing Lease objects in critical namespaces like ‘kube-system’ or ‘kube-node-lease’. This is highly critical as it can disrupt core Kubernetes components, lead to node instability, or denial of service.