Open LeoFVO opened 7 months ago
Hi, I have the same question: if I plan to run Grafana without a ClusterRole, what limitations will I encounter?
@zalegrala or any core members? Any opinion? From an external point of view this seems a critical security risk, for no valid reason.
Knowing most people will just apply the chart out of the box, if Grafana is compromised, the whole Kubernetes cluster is instantly compromised. Because having access to all the secrets allows grabbing:
Hello, I was wondering, why does Grafana have a `ClusterRole` allowing it to get/list `Secrets` and `ConfigMap`? This could be unsafe in case of compromise, allowing the `ServiceAccount` to grab all cluster `Secrets` and `ConfigMap`. What is your opinion on this?
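One way to audit for the grant this issue describes, as an added example that is not code from the thread or from the Grafana chart: it scans ClusterRole and ClusterRoleBinding objects (the JSON shape returned by `kubectl get clusterroles,clusterrolebindings -o json`) for ServiceAccounts that can read Secrets in every namespace. All object names and namespaces in the sample data are constructed.

```python
READ_VERBS = {"get", "list", "watch", "*"}

def rule_reads(rule, resource):
    """True if a PolicyRule grants blanket read access to a core-group resource."""
    if rule.get("resourceNames"):  # limited to named objects, not a blanket grant
        return False
    groups, resources = rule.get("apiGroups", []), rule.get("resources", [])
    return (("" in groups or "*" in groups)
            and (resource in resources or "*" in resources)
            and bool(READ_VERBS & set(rule.get("verbs", []))))

def cluster_wide_readers(cluster_roles, bindings, resource="secrets"):
    """ServiceAccounts ('namespace/name') that can read `resource` in all namespaces.

    Only ClusterRoleBindings count: a RoleBinding to the same ClusterRole is
    confined to its own namespace. Aggregated ClusterRoles are not expanded.
    """
    risky = {cr["metadata"]["name"] for cr in cluster_roles
             if any(rule_reads(r, resource) for r in cr.get("rules") or [])}
    found = set()
    for b in bindings:
        if b.get("kind") != "ClusterRoleBinding" or b["roleRef"]["name"] not in risky:
            continue
        for s in b.get("subjects") or []:
            if s.get("kind") == "ServiceAccount":
                found.add(f'{s.get("namespace")}/{s["name"]}')
    return sorted(found)

# Constructed sample objects (hypothetical names), trimmed to the fields used.
CLUSTER_ROLES = [
    {"metadata": {"name": "grafana-clusterrole"},
     "rules": [{"apiGroups": [""], "resources": ["configmaps", "secrets"],
                "verbs": ["get", "watch", "list"]}]},
    {"metadata": {"name": "pod-reader"},
     "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list"]}]},
]
BINDINGS = [
    {"kind": "ClusterRoleBinding", "roleRef": {"kind": "ClusterRole", "name": "grafana-clusterrole"},
     "subjects": [{"kind": "ServiceAccount", "name": "grafana", "namespace": "monitoring"}]},
    {"kind": "RoleBinding", "roleRef": {"kind": "ClusterRole", "name": "grafana-clusterrole"},
     "subjects": [{"kind": "ServiceAccount", "name": "scoped", "namespace": "team-a"}]},
    {"kind": "ClusterRoleBinding", "roleRef": {"kind": "ClusterRole", "name": "pod-reader"},
     "subjects": [{"kind": "ServiceAccount", "name": "viewer", "namespace": "default"}]},
]

if __name__ == "__main__":
    print(cluster_wide_readers(CLUSTER_ROLES, BINDINGS))
```

The `scoped` account is bound to the same ClusterRole through a RoleBinding, so it is not reported: that binding only grants access inside `team-a`.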