To follow the least privilege approach for the Compass Manager, restrictive RBAC rules have to be established.
The Kubernetes service account which is used to run the Compass Manager should only be allowed to access the Kubernetes resources which are mandatory to fulfil its job. Access to any other resources on the KCP cluster has to be rejected.
AC:
[ ] Define RBAC rules (role + role bindings) for the service account used by the Compass Manager
[ ] By default, any access to KCP resources is blocked
[ ] Whitelist access only for the Kubernetes resources which the Compass Manager requires to work correctly.
Steps to exploit
Compass Manager is able to read Kubernetes resources which are NOT required to fulfil its work.
Risk assessment
Result of the Threat Modelling workshop from 2023-11-29.
Proposed mitigation
Define RBAC rules for the Compass Manager service account by setting up a proper and restrictive Kubernetes role and role binding.
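The following manifest is an added example of the kind of restrictive Role and RoleBinding the mitigation calls for; it is not from this issue or from the Compass Manager repository. The namespace (kcp-system), the service-account name and the API groups, resources and secret names in the rules are assumptions/placeholders and must be replaced with what the Compass Manager actually reads and writes. The structure is the part that matters: a namespaced Role (not a ClusterRole), one rule per resource type, no wildcards, and secrets restricted by resourceNames.

```yaml
# Added example, not from the issue or the compass-manager project.
# Namespace, service-account name, API groups, resources and secret names are placeholders.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: compass-manager            # assumed name
  namespace: kcp-system            # assumed namespace on the KCP cluster
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role                         # namespaced Role: no reach into other namespaces
metadata:
  name: compass-manager
  namespace: kcp-system
rules:
  # One rule per resource type, listing only the verbs that are actually used.
  # Never use "*" in apiGroups, resources or verbs.
  - apiGroups: ["operator.kyma-project.io"]       # placeholder API group
    resources: ["kymas"]                          # placeholder: resource that is only watched
    verbs: ["get", "list", "watch"]
  - apiGroups: ["operator.kyma-project.io"]
    resources: ["compassmanagermappings"]         # placeholder: resource that is managed
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  - apiGroups: [""]
    resources: ["secrets"]
    resourceNames: ["compass-manager-credentials"] # placeholder: only the named secret, not all secrets
    verbs: ["get"]                                 # resourceNames restricts get, not list/watch
  # Typical extra needs of a controller-runtime operator with leader election enabled
  # (assumption: only add these if the manager is configured that way).
  - apiGroups: ["coordination.k8s.io"]
    resources: ["leases"]
    verbs: ["get", "create", "update"]
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["create", "patch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: compass-manager
  namespace: kcp-system
subjects:
  - kind: ServiceAccount
    name: compass-manager
    namespace: kcp-system
roleRef:
  kind: Role                       # bind to the Role above, never to cluster-admin or other broad roles
  name: compass-manager
  apiGroup: rbac.authorization.k8s.io
```

Kubernetes RBAC is deny-by-default, so the "any access is blocked" criterion is met as long as this service account is bound to nothing else; the binding above is what defines the whitelist. After applying the manifest, the effective permissions can be checked from the service account's point of view with `kubectl auth can-i --list --as=system:serviceaccount:kcp-system:compass-manager -n kcp-system`, and a spot check such as `kubectl auth can-i get pods --as=system:serviceaccount:kcp-system:compass-manager -n kcp-system` should answer "no" for every resource that is not in the list.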