The bug is that the Deployment vitess-operator in the manifests has too much RBAC permissions than it needs. The service account of vitess-operator is bound to a role(role.yaml) with the following permissions:
create/patch/update/delete verb of the daemonsets/deployments/pods/replicasets/statefulsets resource (Role)
patch/update/delete verb of the services resource (Role)
After reading the source code of vitess-operator, I didn't find any Kubernetes API usages using these permissions. Besides, some of these unused permissions may have potential risks. For example, if malicious users gain control of a Kubernetes node running a vitess-operator pod, they can use the create deployments permission to create privileged containers with malicious container images.
Therefore, these permissions should be rechecked to determine if they are truly unnecessary. If they are, the issue should be fixed by removing the unnecessary permissions or other feasible methods.
Description
The bug is that the Deployment vitess-operator in the manifests has too much RBAC permissions than it needs. The service account of
vitess-operatoris bound to a role(role.yaml) with the following permissions:create/patch/update/deleteverb of thedaemonsets/deployments/pods/replicasets/statefulsetsresource (Role)patch/update/deleteverb of theservicesresource (Role)After reading the source code of vitess-operator, I didn't find any Kubernetes API usages using these permissions. Besides, some of these unused permissions may have potential risks. For example, if malicious users gain control of a Kubernetes node running a
vitess-operatorpod, they can use thecreate deploymentspermission to create privileged containers with malicious container images.Therefore, these permissions should be rechecked to determine if they are truly unnecessary. If they are, the issue should be fixed by removing the unnecessary permissions or other feasible methods.
To Reproduce
Use the manifests with default values.