
Require MFA for escalating privilege in Kubernetes

In this video, John Martinez shows us how this policy requires an MFA prompt to escalate privileges within Kubernetes for more sensitive actions.

👉 What exactly does this policy do?

This policy helps prevent attackers from gaining administrative permissions on your Kubernetes clusters. The policy can be further enhanced by adding other contextual attributes and additional friction such as Approval Workflows.

👉 Why it matters

Privilege escalation attacks allow adversaries to move from low-level access to high-impact capabilities within a system. By requiring additional friction like MFA before granting elevated privileges, you limit the blast radius of compromised credentials.

Transcript

This policy requires an MFA prompt in order to escalate privilege to run administrative commands on my Kubernetes cluster.

In this case, I require that the user is part of the StrongDM prod EKS DevOps role, and the Kubernetes group that will be impersonated is SDM DevOps.

Let's go ahead and list out all of the pods in our cluster.

The pod we wanna destroy is this nginx pod.

Let's go ahead and attempt to delete it.

I don't have permissions because I am not in that Kubernetes group.

Let's go ahead and rerun this command with elevated privileges.

I'm being prompted for an MFA on my mobile device. I'm gonna hit approve.

The pod is now deleted.
