k8s üzemeltetőknek figyelem:
https://github.com/kubernetes/kubernetes/issues/71411
With a specially crafted request, users that are authorized to establish a connection through the Kubernetes API server to a backend server can then send arbitrary requests over the same connection directly to that backend, authenticated with the Kubernetes API server’s TLS credentials used to establish the backend connection.
Ugyan a leírás "users that are authorized"-ot említ, de ha az anonymous access engedélyezve van akkor lényegében bárkinek lehetősége van teljes root access-t szerezni a cluster felett.