Console

Persistence: Service Account Created in sensitive namespace

This document describes a threat finding type in Security Command Center. Threat findings are generated by threat detectors when they detect a potential threat in your cloud resources. For a full list of available threat findings, see Threat findings index.

Finding description

Someone created a service account in a sensitive namespace. Thekube-system and kube-public namespaces are critical for GKE cluster operations, and unauthorized service accounts could compromise cluster stability and security.

If the service account is unauthorized, delete it and investigate the method of creation.

What's next

Learn how to work with threat findings in Security Command Center.
Refer to the Threat findings index.
Learn how to review a finding through the Google Cloud console.
Learn about the services that generate threat findings.

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-08-21 UTC.

Persistence: Service Account Created in sensitive namespace Stay organized with collections Save and categorize content based on your preferences.

Finding description

What's next

Persistence: Service Account Created in sensitive namespace