I'm releasing research soon detailing a technique to take over Kubernetes clusters. It allows running arbitrary commands in EVERY pod in the cluster using only a commonly granted "read only" RBAC permission.

Oh and it's not logged by Kubernetes AuditPolicy…