Attacking Kubernetes in the Cloud: Container Escape to Cluster Admin

  • July 17, 2026

Why Kubernetes Is the Next Frontier for Cloud Red Teams

Kubernetes has become a primary pivot point in cloud breaches: an attacker with code execution in a single pod can escalate to cluster-admin privileges and cloud account access within minutes due to pod identity integrations with EKS IAM roles, AKS Workload Identity, and GKE Workload Identity.

Every major cloud provider now offers a managed Kubernetes service: EKS on AWS, AKS on Azure, and GKE on Google Cloud. Organizations are migrating production workloads into these clusters at pace, and the attack surface is expanding faster than most security teams can map it. Yet most cloud pentesting engagements still treat Kubernetes as an afterthought, focusing on IAM misconfigurations and storage exposure while ignoring the container orchestration layer entirely.

Key Takeaway: A single misconfigured Kubernetes service account with overprivileged IAM role annotations can escalate from pod compromise to full cloud account access across EKS, AKS, and GKE within minutes, making pod identity and RBAC the primary attack surface in managed Kubernetes environments.

This is a mistake. In real-world intrusions, Kubernetes has become a primary pivot point. An attacker who gains code execution inside a single pod can often escalate to cluster-admin privileges, exfiltrate secrets from every namespace, and pivot into the underlying cloud account, all within minutes.

The Attack Chain: From Pod to Cloud Account

Kubernetes attacks follow a predictable three-phase escalation: initial pod compromise, container escape to node-level access, then federation into cloud IAM through pod identity mechanisms, with each phase exploiting the intersection of Kubernetes RBAC and cloud service account bindings.

The typical Kubernetes exploitation chain in a cloud environment follows a predictable pattern that defenders need to understand intimately. It starts with initial access, usually through a vulnerable application running inside a pod, an exposed Kubernetes dashboard, or a misconfigured kubelet API. From there, the attacker moves through distinct phases that exploit the intersection of Kubernetes RBAC and cloud IAM.

Container escape is where things get interesting from a red team perspective. Privileged containers, hostPath mounts, and capabilities like SYS_PTRACE or SYS_ADMIN create escape vectors that are surprisingly common in production clusters. Once on the node, the attacker has access to the kubelet credentials, the instance metadata service, and potentially every secret mounted by pods on that node.

EKS-Specific Attack Paths

IRSA (IAM Roles for Service Accounts) misconfigurations are the highest-impact finding in EKS assessments: overprivileged service account annotations allow pods to assume IAM roles far beyond workload requirements, directly chaining Kubernetes compromise into S3, Secrets Manager, and EC2 API access.

Amazon EKS introduces unique attack vectors through its integration with AWS IAM. The aws-auth ConfigMap maps IAM roles to Kubernetes RBAC groups, and misconfigurations here are rampant. IRSA (IAM Roles for Service Accounts) was designed to limit blast radius, but in practice, overprivileged service account annotations allow pods to assume IAM roles far beyond what their workload requires.

The EKS Pod Identity Agent, introduced more recently, doesn't eliminate these risks. It shifts them. Attackers who can modify pod specifications or service account annotations can chain Kubernetes access into full AWS account compromise. We've observed this exact pattern in breach simulations where a single misconfigured service account annotation led to S3 bucket access across the entire organization.

AKS and the Entra ID Integration

Workload Identity Federation in AKS mirrors IRSA design but inherits Azure's cross-tenant trust model: attackers who modify service account annotations can federate into Azure resources protected by Conditional Access policies, making it the highest-impact finding in our Azure bootcamp exercises.

Azure Kubernetes Service's integration with Entra ID creates attack paths that blend traditional Active Directory tradecraft with Kubernetes exploitation. AKS clusters using Azure AD authentication for RBAC are susceptible to token replay attacks if cluster role bindings are overly permissive. The managed identity assigned to the AKS cluster itself often has permissions to the broader Azure subscription that go unaudited.

Workload Identity Federation in AKS mirrors IRSA's design but inherits Azure's trust model. An attacker who can create or modify a Kubernetes ServiceAccount with the correct annotations can federate into any Azure resource the workload identity trusts. This cross-boundary movement from Kubernetes to Azure control plane is consistently the highest-impact finding in our Azure cloud bootcamp exercises.

GKE and Workload Identity

GKE Workload Identity's security depends entirely on Kubernetes RBAC isolation: if an attacker creates pods in a namespace with a privileged Workload Identity binding, they inherit GCP service account permissions without touching node-level credentials, making namespace isolation the critical control point.

Google Kubernetes Engine's Workload Identity binds Kubernetes service accounts to Google Cloud service accounts. The security improvement over node-level service accounts is significant, but the implementation creates its own risks. Namespace-level trust boundaries depend entirely on correct Kubernetes RBAC. If an attacker can create pods in a namespace with a privileged Workload Identity binding, they inherit those GCP permissions.

GKE Autopilot clusters restrict some escape vectors by enforcing security constraints, but they also limit the security team's ability to deploy detection tooling. This tradeoff between operational security and visibility is something practitioners need to evaluate case by case.

Detection Engineering for Kubernetes Attacks

Container escape and cloud credential theft appear across two separate audit streams: Kubernetes audit logs capture exec calls and API anomalies, while CloudTrail records the resulting cloud API calls, requiring correlation rules that link both sources to detect the full attack chain.

Detecting Kubernetes attacks in cloud environments requires correlation across two distinct telemetry sources: Kubernetes audit logs and cloud provider audit trails. A container escape won't appear in CloudTrail. It shows up in the Kubernetes audit log as an API call to exec into a pod. The subsequent IAM credential theft appears in CloudTrail but lacks the Kubernetes context explaining how the attacker got there.

Effective detection requires mapping the full attack chain: suspicious exec calls, anomalous API server requests, unexpected service account token usage, and the resulting cloud API calls. Building these detection rules is a core skill we develop in our hands-on bootcamp labs, where participants trace complete attack chains from pod compromise to cloud account takeover.

Building the Skills That Matter

Kubernetes security requires fluency across container orchestration, cloud IAM, and penetration testing, three distinct skill domains that practitioners must integrate to identify critical attack paths. Organizations that invest in building these hybrid skills find the attack vectors that adversaries exploit in production environments.

Kubernetes security in cloud environments sits at the intersection of container orchestration knowledge, cloud IAM expertise, and traditional penetration testing skills. Practitioners who can bridge all three domains are exceptionally rare, and exceptionally valuable. The organizations that invest in building these hybrid skills are the ones that find the critical attack paths before adversaries do.

Bottom Line

Kubernetes has emerged as the primary pivot point in cloud attacks, with pod identity mechanisms (IRSA, Workload Identity, Workload Identity Federation) enabling direct federation from container compromise to cloud account access. The attack chain of pod compromise, container escape, and cloud credential theft is repeatable across EKS, AKS, and GKE, making Kubernetes RBAC and cloud IAM integration the highest-value attack surface in managed Kubernetes environments. Detection requires correlating signals across Kubernetes audit logs and cloud provider audit trails to identify lateral movement before cloud APIs are abused.

Related Articles

Climbing the Azure RBAC Ladder

December 10, 2024
Join us in this new blog post as we explore the various methods that threat actors commonly use to move laterally and...

Abusing Identity Providers in AWS

March 14, 2024
Join us on a ride-along pentest of AWS and GitLab! Huge Logistics has hired us to perform a security assessment of...

Diving Deep into Azure VM Attack Vectors

March 4, 2024
Join us as we dive into Azure Virtual Machine (VM) security from a red team perspective, focusing on identifying and...