Open NissesSenap opened 1 year ago
If someone get's in to a deployment with access to to update other deployments they shouldn't be able to update there own deployment and point to another service account. This is a simple way of escalating your access in a cluster.
https://github.com/open-policy-agent/gatekeeper-library/tree/master/library/general/noupdateserviceaccount
If someone get's in to a deployment with access to to update other deployments they shouldn't be able to update there own deployment and point to another service account. This is a simple way of escalating your access in a cluster.
https://github.com/open-policy-agent/gatekeeper-library/tree/master/library/general/noupdateserviceaccount