Securing Production Debugging in Kubernetes
During production debugging, the fastest route is often broad access such as cluster-admin (a ClusterRole that grants administrator-level access), shared bastions/jump boxes, or long-lived SSH keys. It works in the moment, but it comes with two common problems: auditing becomes difficult, and temporary exceptions have a way of becoming routine.
This post...