Separating user functionality from management functionality is a requirement for all the components within the Kubernetes Control Plane. Without the separation, users may have access to management functions that can degrade the Kubernetes architecture and the services being offered, and can offer a method to bypass testing and validation of functions before introduced into a production environment.
Check
On the Control Plane, run the command: kubectl get pods --all-namespaces
Review the namespaces and pods that are returned. Kubernetes system namespaces are kube-node-lease, kube-public, and kube-system.
If any user pods are present in the Kubernetes system namespaces, this is a finding.
Fix
Move any user pods that are present in the Kubernetes system namespaces to user specific namespaces.