It is possible for a malicious user to redirect traffic intended for external top-level domains (TLD) to a pod they control by creating projects/namespaces that match the TLD. References - https://docs.openshift.com/container-platform/4.10/architecture/admission-plug-ins.html#admission-plug-ins-default_admission-plug-ins - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/#namespaces-and-dns - https://cwe.mitre.org/data/definitions/923.html