Cluster Admin Rolebinding With Superuser Permissions
- Query id: 249328b8-5f0f-409f-b1dd-029f07882e11
- Query name: Cluster Admin Rolebinding With Superuser Permissions
- Platform: Kubernetes
- Severity: Low
- Category: Access Control
- URL: Github
Description
Ensure that the cluster-admin role is only used where required (RBAC)
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
```yaml
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: tiller-clusterrolebinding
subjects:
  - kind: ServiceAccount
    name: tiller
    namespace: kube-system
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: ""
```
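An added example (not part of the KICS query or of this page's samples): the same check applied to bindings exported from a cluster with `kubectl get clusterrolebindings -o json`. The embedded JSON is constructed, the function name is hypothetical, and skipping the default `system:masters` binding is an assumption about what counts as expected.

```python
import json

# Constructed sample, shaped like `kubectl get clusterrolebindings -o json` output.
SAMPLE = json.loads("""
{"kind": "List", "items": [
  {"kind": "ClusterRoleBinding",
   "metadata": {"name": "cluster-admin"},
   "roleRef": {"apiGroup": "rbac.authorization.k8s.io", "kind": "ClusterRole", "name": "cluster-admin"},
   "subjects": [{"kind": "Group", "name": "system:masters"}]},
  {"kind": "ClusterRoleBinding",
   "metadata": {"name": "tiller-clusterrolebinding"},
   "roleRef": {"apiGroup": "", "kind": "ClusterRole", "name": "cluster-admin"},
   "subjects": [{"kind": "ServiceAccount", "name": "tiller", "namespace": "kube-system"}]},
  {"kind": "ClusterRoleBinding",
   "metadata": {"name": "metrics-reader"},
   "roleRef": {"apiGroup": "rbac.authorization.k8s.io", "kind": "ClusterRole", "name": "view"},
   "subjects": [{"kind": "ServiceAccount", "name": "metrics", "namespace": "monitoring"}]},
  {"kind": "ClusterRoleBinding",
   "metadata": {"name": "orphaned"},
   "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"}}
]}
""")

# Assumption: the binding Kubernetes creates by default for this group is expected.
BOOTSTRAP_SUBJECT = ("Group", "system:masters", "")


def find_cluster_admin_bindings(doc):
    """Return sorted (binding, subject kind, subject name, namespace) tuples."""
    items = doc.get("items", [doc])  # accept a List or a single object
    findings = []
    for item in items:
        ref = item.get("roleRef") or {}
        if item.get("kind") != "ClusterRoleBinding":
            continue
        if (ref.get("kind"), ref.get("name")) != ("ClusterRole", "cluster-admin"):
            continue
        # `subjects` may be absent or null; such a binding grants nothing.
        for s in item.get("subjects") or []:
            subject = (s.get("kind", ""), s.get("name", ""), s.get("namespace", ""))
            if subject != BOOTSTRAP_SUBJECT:
                findings.append((item["metadata"]["name"],) + subject)
    return sorted(findings)


if __name__ == "__main__":
    for f in find_cluster_admin_bindings(SAMPLE):
        print("cluster-admin granted by %s to %s %s (namespace=%r)" % f)
```

Each finding names a subject to review: either it needs cluster-wide superuser rights, or it should be rebound to a narrower Role or ClusterRole.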