by merb 2761 days ago
hm, so only people are affected that gave users access to specific permissions that are not supposed to do everything. we only allow cluster access to people that needed cluster-admin rights anyway..

for anybody else, we abstract k8s away.

1 comments

https://github.com/kubernetes/kubernetes/issues/71411 for more details, which includes:

  In default configurations, all users (authenticated and unauthenticated) are allowed to perform discovery API calls that allow this escalation.