RBAC

Deploying containers with insecure settings (root user, 'latest' image tags, disabled security contexts, overly broad RBAC roles) persists because Kubernetes doesn't enforce strict security defaults. This exposes clusters to container escape, privilege escalation, and unauthorized production changes.

The real challenge in Kubernetes deployment goes beyond cluster setup to configuring RBAC, secrets management, and infrastructure-as-code. Teams without prior experience make decisions that require painful redesigns later, as shown by organizations requiring 50% of their year dedicated to cluster maintenance.

Managing Role-Based Access Control across a single Azure subscription requires creating numerous custom roles and complex deny rules, leading to configuration errors and high management overhead.