You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Similar to #988, this issue proposes a security-minded preflight permission check that warns when the referenced Service Account is granting more permission than needed for a Cluster Extension to do its work.
Currently, Cluster Extension installations can proceed even if the provided Service Account has excessive permissions. A preflight check would help ensure that Cluster Extensions operate within the principle of least privilege, enhancing the overall security of the cluster.
This proposal builds upon previous efforts to define and manage Service Account permissions within Cluster Extensions:
A preflight check that analyzes Service Account permissions and flags potential over-privileging would significantly contribute to a more secure Cluster Extension deployment process.
The text was updated successfully, but these errors were encountered:
Similar to #988, this issue proposes a security-minded preflight permission check that warns when the referenced Service Account is granting more permission than needed for a Cluster Extension to do its work.
Currently, Cluster Extension installations can proceed even if the provided Service Account has excessive permissions. A preflight check would help ensure that Cluster Extensions operate within the principle of least privilege, enhancing the overall security of the cluster.
This proposal builds upon previous efforts to define and manage Service Account permissions within Cluster Extensions:
A preflight check that analyzes Service Account permissions and flags potential over-privileging would significantly contribute to a more secure Cluster Extension deployment process.
The text was updated successfully, but these errors were encountered: