RBAC

Deploying containers with insecure settings (root user, 'latest' image tags, disabled security contexts, overly broad RBAC roles) persists because Kubernetes doesn't enforce strict security defaults. This exposes clusters to container escape, privilege escalation, and unauthorized production changes.

The real challenge in Kubernetes deployment goes beyond cluster setup to configuring RBAC, secrets management, and infrastructure-as-code. Teams without prior experience make decisions that require painful redesigns later, as shown by organizations requiring 50% of their year dedicated to cluster maintenance.