More policies to consider #29

alban · 2018-12-11T00:51:34Z

Some policies to consider:

no (Cluster)RoleBinding on a 'default' service account
no (Cluster)RoleBinding for cluster-admin
no ConfigMap containing strings like aws_secret_access_key=

The text was updated successfully, but these errors were encountered:

marwinski · 2018-12-13T09:58:35Z

Some comments / ideas from my side:

(1) Above sounds like a good idea which might complement my other idea (see separate ticket)
(2) I don't fully understand. Do you want to prevent this in general or just for service accounts? It appears to make a lot of sense for the latter but not for users / groups. It would also break a lot of admittedly bad behaviour - so it would probably be quite good to do that :-)
(3) I believe we should not try to restrict what people put into config maps...

alban · 2018-12-17T09:33:33Z

re (2): I was thinking of service accounts indeed.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

More policies to consider #29

More policies to consider #29

alban commented Dec 11, 2018

marwinski commented Dec 13, 2018

alban commented Dec 17, 2018

More policies to consider #29

More policies to consider #29

Comments

alban commented Dec 11, 2018

marwinski commented Dec 13, 2018

alban commented Dec 17, 2018