There's a nice table with five high security issues. The lack of authentication within the cluster is pretty damning.

yeah that one is kind of interesting, really needs more detail. I think what they're talking about is that it's possible to configure insecure connections between the different components.

However, if that's the case, that's a distribution specific issue and not really anything intrinsic in k8s.

Edit - there's a GH issue here https://github.com/kubernetes/kubernetes/issues/81112

Yea I just don't buy it. The fact that you can use any tls cert is obviously how it should work. It complains loudly