SECURITY SERIES · 03·3 min read
Every pod holds a key to a door it never opens
Least privilege for Kubernetes workloads doesn't start with an RBAC role — it starts with revoking the API token every pod silently carries, then layering identity, non-root, and Pod Security on top.
- kubernetes
- security
- least-privilege
- rbac
- service-accounts