kubectl-debugging
Audited by Socket on Feb 27, 2026
1 alert found:
Malware

This document is a legitimate operational guide for human-led Kubernetes debugging using kubectl debug. It contains examples that require elevated capabilities (node host mounts, SYS_ADMIN/SYS_PTRACE) which, while necessary for some troubleshooting, present significant privilege escalation and data exposure risk if misused or granted to automated agents. No direct malicious code or obfuscation is present, and there are no embedded exfiltration endpoints. Recommended controls: strict RBAC and admission policies to restrict debug profiles, require explicit human authorization for node-level debugging, ensure kubeconfig/context discipline (always use --context), audit and alert on creation of debug pods and ephemeral containers, and avoid granting automation unrestricted kubectl debug capabilities.