This article details a vulnerability in Kubernetes where service accounts with nodes/proxy GET permissions can execute commands in any Pod across reachable Nodes. This issue arises from how the Kubelet authorizes WebSocket connections, potentially leading to full cluster compromise without proper logging.

Headlamp is an extensible web UI for Kubernetes, designed to provide a user-friendly interface for managing resources across multiple clusters. It supports in-cluster operation and local desktop usage, with features such as role-based access controls, plugin extensibility, and a clean interface. Users can deploy it in their clusters or try it locally with a configured kubeconfig file.