SPIKE - Audit RBAC permissions on a default deployment of Big Bang
RBAC permissions need to be audited for least-privileges. Any service accounts given "*" privileges or create privileges for pods (incl. daemonsets, jobs, replicasets, statefulsets, deployments, etc.) should be scrutinized and permissions reduced if possible.
This spike would use the a tool from RBAC.dev to analyze BigBang's RBAC configuration. KubiScan looks like it might actually flag risky permissions. Issues should be opened up under packages for any permissions that are deemed to be too permissive.
Activity
added ~5347 all-packages teamcore/security labels
@michaelmcleroy this issue has been inactive for 30 days and is being labelled as stale. If this issue is still required please take action by removing the stale label and commenting with an update, status, or justification. If this issue is not required please close it or label it as delete-me. If no action is taken this issue will be auto closed in 60 days.
added stale label
removed stale label
-
@michaelmcleroy this issue has been inactive for 30 days and is being labelled as stale. If this issue is still required please take action by removing the stale label and commenting with an update, status, or justification. If this issue is not required please close it or label it as delete-me. If no action is taken this issue will be auto closed in 60 days.
added stale label
added no-auto-close label
removed stale label