The cluster was up, but the doors were wide open.

Kubernetes access control is the thin wall between your workloads and the world. Misconfigured permissions can expose pods, secrets, and services. Nmap is the quickest way to see which of those doors are actually reachable on the network, and from where. Used together, a Kubernetes access review and an Nmap scan give you a map of the attack surface before someone else draws it for you.

Start with the basics: verify who holds kubeconfig files, which RBAC roles and bindings are in force, and which API server endpoints are reachable. Watch for overly broad permissions, such as cluster-admin bound to a service account or a custom role bound to the system:authenticated group. Keep the API server port (6443 by default) locked down to known IP ranges.
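The RBAC part of that review can be scripted. The following is an added example, not code from the page or from any Kubernetes project: it reads the JSON that `kubectl get clusterrolebindings -o json` prints and reports cluster-admin bound to a service account, plus any non-bootstrap role bound to the catch-all groups or to system:anonymous. The sample document embedded below is constructed for illustration.

```python
"""Review ClusterRoleBindings for grants that are too broad.

Added example (not from the page): reads the JSON printed by
`kubectl get clusterrolebindings -o json` and reports cluster-admin bound
to service accounts and any role bound to the catch-all groups. The
document below is constructed for illustration, not taken from a real cluster.
"""
import json

# Subjects that make a binding effectively "everyone" (inside or outside the cluster).
BROAD_SUBJECTS = {
    ("Group", "system:authenticated"),
    ("Group", "system:unauthenticated"),
    ("Group", "system:serviceaccounts"),
    ("User", "system:anonymous"),
}

# Built-in roles that Kubernetes itself binds to system:authenticated /
# system:unauthenticated at bootstrap; reporting those would only add noise.
BOOTSTRAP_ROLES = {"system:basic-user", "system:discovery", "system:public-info-viewer"}

# Roles whose grant to a service account is a finding on its own.
ADMIN_ROLES = {"cluster-admin"}


def risky_bindings(doc):
    """Return (binding, role, subject) triples that need review."""
    findings = []
    for item in doc.get("items", []):
        binding = item["metadata"]["name"]
        role = item["roleRef"]["name"]
        for subj in item.get("subjects") or []:
            kind, name = subj["kind"], subj["name"]
            if kind == "ServiceAccount" and role in ADMIN_ROLES:
                ns = subj.get("namespace", "")
                findings.append((binding, role, f"ServiceAccount {ns}/{name}"))
            elif (kind, name) in BROAD_SUBJECTS and role not in BOOTSTRAP_ROLES:
                findings.append((binding, role, f"{kind} {name}"))
    return findings


# Constructed sample: what `kubectl get clusterrolebindings -o json` might print.
SAMPLE = json.loads("""
{"kind": "List", "apiVersion": "v1", "items": [
  {"metadata": {"name": "cluster-admin"},
   "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
   "subjects": [{"kind": "Group", "name": "system:masters"}]},
  {"metadata": {"name": "system:discovery"},
   "roleRef": {"kind": "ClusterRole", "name": "system:discovery"},
   "subjects": [{"kind": "Group", "name": "system:authenticated"}]},
  {"metadata": {"name": "ci-deployer-admin"},
   "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
   "subjects": [{"kind": "ServiceAccount", "name": "deployer", "namespace": "ci"}]},
  {"metadata": {"name": "everyone-reads-secrets"},
   "roleRef": {"kind": "ClusterRole", "name": "secret-reader"},
   "subjects": [{"kind": "Group", "name": "system:authenticated"}]},
  {"metadata": {"name": "prometheus-view"},
   "roleRef": {"kind": "ClusterRole", "name": "view"},
   "subjects": [{"kind": "ServiceAccount", "name": "prometheus", "namespace": "monitoring"}]}
]}
""")


def review_sample():
    return risky_bindings(SAMPLE)


if __name__ == "__main__":
    for binding, role, subject in review_sample():
        print(f"{binding}: {role} -> {subject}")
```

Feed it real data with `kubectl get clusterrolebindings -o json | python3 review.py` after swapping `SAMPLE` for `json.load(sys.stdin)`. For any service account it flags, `kubectl auth can-i --list --as=system:serviceaccount:<ns>:<name>` shows exactly what that identity can do.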

Then bring in Nmap. Scan your cluster nodes and load balancers and look for open ports you did not expect: 6443 for the Kubernetes API, 10250 for the kubelet, 10255 for the kubelet read-only port (unauthenticated, deprecated, and disabled by default on current releases, but still found on older clusters), 2379 and 2380 for etcd. Check the NodePort range (30000-32767 by default) and internal service IP ranges too; a missing or overly permissive NetworkPolicy can expose workloads to traffic they should never see. Scan an explicit port list (-p) against an explicit target list (-iL) rather than the defaults, and choose a timing template (-T) your network and IDS can tolerate, so the output is low on noise and every hit is a relevant gap.
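What turns a scan into a finding is the comparison with the exposure you intended. The following is an added example, not from the page or from Nmap itself: it parses Nmap XML output (`-oX`) and lists, per host, the open ports that are not in a per-host allow-list. The scan command, the allow-list and the XML document are constructed for illustration; the parser only depends on the standard `host`, `address`, `port` and `state` elements of Nmap's XML.

```python
"""Compare an Nmap scan of cluster nodes against the exposure you intended.

Added example (not from the page): parses Nmap XML output (`-oX`) and lists
the open ports on each host that are not in an allow-list keyed by host.
The scan command, the allow-list and the XML below are constructed for
illustration; replace them with your node list and your intended exposure.
"""
import xml.etree.ElementTree as ET

# The scan this parser expects. -Pn skips host discovery (node firewalls often
# drop ICMP), -p limits the scan to the ports that matter for a cluster,
# -iL reads targets from a file, -oX writes the XML consumed below.
# The timing template (-T2..-T4) is a judgement call per network and IDS.
SCAN_CMD = "nmap -Pn -T3 -p 22,2379,2380,6443,10250,10255,10256,30000-32767 -iL nodes.txt -oX scan.xml"

# Intended exposure per node (constructed). Anything open and not listed here
# is a finding; a host missing from the map is allowed nothing.
EXPECTED = {
    "10.0.0.11": {22, 6443, 10250},        # control plane: SSH, API server, kubelet
    "10.0.0.21": {22, 10250, 30080},       # worker: SSH, kubelet, one published NodePort
    "10.0.0.22": {22, 10250},
}


def open_ports(xml_text):
    """Return {ipv4 address: set of open port numbers} from Nmap XML."""
    root = ET.fromstring(xml_text)
    result = {}
    for host in root.iter("host"):
        addr = None
        for a in host.findall("address"):
            if a.get("addrtype") == "ipv4":
                addr = a.get("addr")
        if addr is None:
            continue
        ports = set()
        for port in host.iter("port"):
            state = port.find("state")
            # only "open" counts; "filtered" and "closed" are not exposure
            if state is not None and state.get("state") == "open":
                ports.add(int(port.get("portid")))
        result[addr] = ports
    return result


def unexpected_open_ports(xml_text, expected):
    """Return {host: sorted unexpected open ports} for hosts with at least one."""
    findings = {}
    for addr, ports in open_ports(xml_text).items():
        extra = sorted(ports - expected.get(addr, set()))
        if extra:
            findings[addr] = extra
    return findings


# Constructed Nmap XML, trimmed to the elements the parser reads.
SAMPLE_XML = """<nmaprun scanner="nmap" args="nmap -Pn -oX scan.xml -iL nodes.txt">
<host><status state="up"/><address addr="10.0.0.11" addrtype="ipv4"/><ports>
  <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh"/></port>
  <port protocol="tcp" portid="2379"><state state="open" reason="syn-ack"/><service name="etcd-client"/></port>
  <port protocol="tcp" portid="6443"><state state="open" reason="syn-ack"/><service name="https"/></port>
  <port protocol="tcp" portid="10250"><state state="open" reason="syn-ack"/><service name="https"/></port>
</ports></host>
<host><status state="up"/><address addr="10.0.0.21" addrtype="ipv4"/><ports>
  <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/></port>
  <port protocol="tcp" portid="10250"><state state="open" reason="syn-ack"/></port>
  <port protocol="tcp" portid="10255"><state state="open" reason="syn-ack"/></port>
  <port protocol="tcp" portid="10256"><state state="filtered" reason="no-response"/></port>
  <port protocol="tcp" portid="30080"><state state="open" reason="syn-ack"/></port>
</ports></host>
<host><status state="up"/><address addr="10.0.0.22" addrtype="ipv4"/><ports>
  <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/></port>
  <port protocol="tcp" portid="10250"><state state="closed" reason="reset"/></port>
</ports></host>
</nmaprun>
"""


def review_sample():
    return unexpected_open_ports(SAMPLE_XML, EXPECTED)


if __name__ == "__main__":
    for host, ports in review_sample().items():
        print(f"{host}: unexpected open ports {ports}")
```

In the sample, the control plane node exposes etcd (2379) and the worker still has the read-only kubelet port (10255) open; the filtered 10256 and the closed 10250 on the last node are correctly ignored. The same parser works on XML produced by a scanner pod running inside the cluster, which is how you check that NetworkPolicy and the node firewall disagree only where they are supposed to.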

Security in Kubernetes is about proactive discovery. Nmap reports what is reachable on the network, regardless of what the manifests say. Pair those results with the API server audit log, which records which identity called which endpoint from which source IP, and you get the full picture: who can reach what, who actually does, and how quickly you can close the path.
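One concrete way to pair the two views is to hold the audit log against the IP ranges the API server is supposed to be reachable from. The following is an added example, not from the page: it reads kube-apiserver audit events (one JSON object per line, `audit.k8s.io/v1`, as written with `--audit-log-path`) and reports completed requests whose source IP falls outside the expected CIDRs, together with the caller and what it touched. The CIDRs and the events are constructed for illustration.

```python
"""Correlate API-server audit events with the IP ranges the API should be reachable from.

Added example (not from the page): reads kube-apiserver audit log lines
(one JSON event per line, audit.k8s.io/v1) and reports requests whose source
IP is outside the CIDRs you expect, along with who made them and what they
touched. The CIDRs and the events below are constructed for illustration.
"""
import ipaddress
import json

# Where API clients are supposed to come from (constructed): node subnet and an admin VPN range.
ALLOWED_CIDRS = [ipaddress.ip_network("10.0.0.0/16"), ipaddress.ip_network("192.0.2.0/24")]


def _is_allowed(ip, cidrs):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # unparsable sourceIP: treat as suspicious, not as allowed
    return any(addr in net for net in cidrs)


def _target(event):
    """Describe what the request touched: resource ns/name if known, else the URI."""
    ref = event.get("objectRef")
    if ref and ref.get("resource"):
        name = "/".join(p for p in (ref.get("namespace"), ref.get("name")) if p)
        return f"{ref['resource']} {name}".strip()
    return event.get("requestURI", "?")


def offsite_requests(lines, cidrs=ALLOWED_CIDRS):
    """Return (username, sourceIP, verb, target) for completed requests from outside cidrs."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        # Each request is logged at RequestReceived and again at ResponseComplete;
        # keep only the latter so every request is counted once and carries a status.
        if event.get("stage") != "ResponseComplete":
            continue
        for ip in event.get("sourceIPs", []):
            if not _is_allowed(ip, cidrs):
                user = event.get("user", {}).get("username", "?")
                findings.append((user, ip, event.get("verb", "?"), _target(event)))
                break
    return findings


# Constructed audit events (level Metadata), one per line as the API server writes them.
SAMPLE_LOG = """
{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"a1","stage":"RequestReceived","requestURI":"/api/v1/namespaces/prod/secrets/db-creds","verb":"get","user":{"username":"system:serviceaccount:ci:deployer","groups":["system:serviceaccounts"]},"sourceIPs":["203.0.113.7"],"objectRef":{"resource":"secrets","namespace":"prod","name":"db-creds"}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"a1","stage":"ResponseComplete","requestURI":"/api/v1/namespaces/prod/secrets/db-creds","verb":"get","user":{"username":"system:serviceaccount:ci:deployer","groups":["system:serviceaccounts"]},"sourceIPs":["203.0.113.7"],"objectRef":{"resource":"secrets","namespace":"prod","name":"db-creds"},"responseStatus":{"code":200}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"a2","stage":"ResponseComplete","requestURI":"/api/v1/nodes/worker-1","verb":"get","user":{"username":"system:node:worker-1","groups":["system:nodes"]},"sourceIPs":["10.0.0.21"],"objectRef":{"resource":"nodes","name":"worker-1"},"responseStatus":{"code":200}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"a3","stage":"ResponseComplete","requestURI":"/version","verb":"get","user":{"username":"system:anonymous","groups":["system:unauthenticated"]},"sourceIPs":["198.51.100.9"],"responseStatus":{"code":200}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"a4","stage":"ResponseComplete","requestURI":"/api/v1/namespaces/prod/pods","verb":"list","user":{"username":"alice@example.com","groups":["system:authenticated"]},"sourceIPs":["192.0.2.40"],"objectRef":{"resource":"pods","namespace":"prod"},"responseStatus":{"code":200}}
"""


def review_sample():
    return offsite_requests(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for user, ip, verb, target in review_sample():
        print(f"{ip} {user} {verb} {target}")
```

The sample surfaces two things the scan alone would not: a CI service account reading a production secret from an address outside the cluster and VPN ranges, and an anonymous probe of `/version` from the internet, which is exactly what a 6443 that Nmap found open from the outside looks like in the log. Requests from the node subnet and the admin range are left alone.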

Run scheduled scans after every deployment. Test NetworkPolicy ingress and egress rules by scanning from a controlled pod inside the cluster as well as from outside it; the two views should differ exactly where the policy says they should. Make sure service meshes, firewalls, and node security groups reflect the intended exposure.

Every minute an open port exists is a minute an attacker could use it. Make Kubernetes access reviews and Nmap scans part of your CI/CD flow: automate them, store the results, diff each run against the last, and block the next gap before it ships.

See how this works live on your own clusters—deploy a full Kubernetes access + Nmap workflow in minutes with hoop.dev.