• arccy 20 hours ago

    While it all falls under "security", it feels too confused in what it's trying to show.

    I think it focuses too much on the happy path of security; typically you'll want to focus on specific areas. For example, access to the Kubernetes API and what you can do, effective bypasses of RBAC by impersonation because a user has access to something else like argocd or a job system. Or another example, network paths and how they're all connected together.

    Some boxes are weirdly disconnected, e.g. things point to the ingress but nothing flows out (hiding the potential that an ingress can be confused to route to your internal services), runtimes sit to the side when they should sit above the kernel, namespace is just a box to the side, etc.

    • xeor a day ago

      Took some time to make, looking for comments and suggestions

      • snupples 21 hours ago

        Very interesting! Looks like it took a lot of work.

        Since you are soliciting suggestions, I would suggest focusing on the core theme and simplifying or removing things that are not directly related to the subject.

        For example, some peripheral mentions of argocd/helm/kustomize/cilium/opentofu/etc. There are boxes for these with arrows, but nothing showing how these are tied into security. They're also specific products that not everyone uses so can be further irrelevant to your audience.

        But by including them it makes the diagram perhaps unnecessarily busy, and while it looks cool, it could be less useful to your audience if it's harder to parse. Maybe certain things could be broken out into sub-diagrams with their own treatment.

        For example, ArgoCD has its own security architecture not directly related to k8s.

        • xeor 20 hours ago

          Thanks for the suggestions :) I'll look into how I can tune those down a little. They are however needed to understand the "platform picture" I am trying to get through in some discussions

        • nahimn 21 hours ago

          Thank you for making this.

        • darkwater 21 hours ago

          Nice job, I'll have a deeper look at it when I'm back at the large screen.

          SVG link for the impatient: https://raw.githubusercontent.com/lars-solberg/kubesec-diagr...
