Attackers may attempt to run their code in the cluster by deploying a container. Attackers who have permissions to deploy a pod or a controller (such as a DaemonSet, ReplicaSet, or Deployment) in the cluster can create a new resource for running their code.
Create a pod that includes malicious code.
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: evil-pod
spec:
  containers:
  - image: evil-container-image
    name: evil
```
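To detect this technique, the following added example (not part of the original page) scans Kubernetes audit events for successful creations of pods and controllers and flags those made by an unexpected identity or using an image outside an approved registry. It goes slightly beyond the page by also covering StatefulSets and Jobs. Assumptions: the audit policy records these requests at `Request` level or higher so `requestObject` is present, and the registry name, deployer identity, and sample events are hypothetical and constructed.

```python
import json

# Resources whose creation starts new containers (the page's list plus StatefulSet and Job).
WORKLOADS = {"pods", "deployments", "daemonsets", "replicasets", "statefulsets", "jobs"}
ALLOWED_REGISTRIES = ("registry.example.internal/",)        # assumption: approved registry
EXPECTED_DEPLOYERS = {"system:serviceaccount:ci:deployer"}  # assumption: deploy identity

def images(resource, obj):
    """Return every container image named in a pod or controller manifest."""
    spec = (obj or {}).get("spec", {})
    if resource != "pods":  # controllers nest the pod spec under spec.template
        spec = spec.get("template", {}).get("spec", {})
    containers = spec.get("initContainers", []) + spec.get("containers", [])
    return [c.get("image", "") for c in containers]

def findings(lines):
    """Flag successful workload creations by unexpected identities or with unapproved images."""
    out = []
    for line in lines:
        ev = json.loads(line)
        ref = ev.get("objectRef", {})
        if ev.get("verb") != "create" or ref.get("resource") not in WORKLOADS:
            continue
        # Skip subresources (pods/exec), earlier-stage duplicates, and rejected requests.
        if (ref.get("subresource") or ev.get("stage") != "ResponseComplete"
                or ev.get("responseStatus", {}).get("code", 0) >= 300):
            continue
        obj = ev.get("requestObject") or {}
        user = ev.get("user", {}).get("username", "")
        bad = [i for i in images(ref["resource"], obj) if not i.startswith(ALLOWED_REGISTRIES)]
        checks = (("unexpected-identity", user not in EXPECTED_DEPLOYERS), ("unapproved-image", bad))
        reasons = [name for name, hit in checks if hit]
        if reasons:
            out.append({"user": user, "resource": ref["resource"], "images": bad,
                        "name": obj.get("metadata", {}).get("name", ""), "reasons": reasons})
    return out

def _pod(name, image):
    return {"metadata": {"name": name}, "spec": {"containers": [{"name": "c", "image": image}]}}

def _ev(user, resource, obj, sub=None):  # one constructed event, audit.k8s.io/v1 field names
    ref = {"resource": resource, "namespace": "default", **({"subresource": sub} if sub else {})}
    return json.dumps({"stage": "ResponseComplete", "verb": "create", "user": {"username": user},
                       "objectRef": ref, "responseStatus": {"code": 201}, "requestObject": obj})

CI = "system:serviceaccount:ci:deployer"
SAMPLE = [  # constructed events, not real logs
    _ev(CI, "deployments", {"metadata": {"name": "web"}, "spec": {"template": _pod("web", "registry.example.internal/web:1.4")}}),
    _ev("dev-alice", "pods", _pod("evil-pod", "evil-container-image")),
    _ev(CI, "daemonsets", {"metadata": {"name": "agent"}, "spec": {"template": _pod("agent", "docker.io/unknown/tool:latest")}}),
    _ev("dev-alice", "pods", None, sub="exec"),
]
```

Calling `findings(SAMPLE)` returns two findings: the `evil-pod` creation by `dev-alice` (both reasons) and the DaemonSet pulling from an unapproved registry.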