terraform-ibm-modules / terraform-ibm-mas

Deploys Maximo Application Suite on an IBM Cloud OpenShift cluster.
Apache License 2.0

Trivy misconfig : Cluster Admin0 Role Only Used Where Required #88

Open padmankosalaram opened 2 months ago

padmankosalaram commented 2 months ago

Issue: https://avd.aquasec.com/misconfig/kubernetes/general/avd-ksv-0111/

Cluster Admin0 Role Only Used Where Required

User with admin access. Either cluster-admin or those granted powerful permissions.

Links - https://kubernetes.io/docs/concepts/security/rbac-good-practices/

padmankosalaram commented 2 months ago

This issue cannot be fixed. Please find the reason below.

The Helm template will invoke a job which creates the pod, which in turn calls mas cli functions to install MAS.

This mas cli install command will install operators in different namespaces and expects the cluster-admin role. Without this cluster-admin role, the mas cli install command will not execute.
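
An added example, not part of the issue thread or the project's code: when a cluster-admin binding is accepted as an exception like this, one way to keep it narrow is to check that the installer's service account is the only non-allowlisted holder of the role. The binding, namespace and service-account names are hypothetical, and the input is a constructed sample in the shape of `kubectl get clusterrolebindings -o json`.

```python
import json

# Constructed sample in the shape of `kubectl get clusterrolebindings -o json`.
# Every binding, namespace and service-account name here is hypothetical.
SAMPLE = json.dumps({"items": [
    {"metadata": {"name": "mas-install-job-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "ServiceAccount", "name": "mas-installer",
                   "namespace": "mas-install"}]},
    {"metadata": {"name": "ci-bot-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "ServiceAccount", "name": "ci-bot",
                   "namespace": "default"},
                  {"kind": "Group", "name": "system:authenticated"}]},
    {"metadata": {"name": "viewer"},
     "roleRef": {"kind": "ClusterRole", "name": "view"},
     "subjects": [{"kind": "User", "name": "alice"}]},
    # A binding with no subjects at all must not crash the audit.
    {"metadata": {"name": "orphaned-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"}},
]})

# Accepted exceptions: (kind, namespace, name) allowed to hold cluster-admin.
ALLOWED = {("ServiceAccount", "mas-install", "mas-installer")}


def unexpected_cluster_admins(bindings_json, allowed=ALLOWED):
    """Return sorted (binding, kind, namespace, name) tuples for every
    cluster-admin subject that is not in the allowlist."""
    findings = []
    for crb in json.loads(bindings_json).get("items", []):
        ref = crb.get("roleRef", {})
        if ref.get("kind") != "ClusterRole" or ref.get("name") != "cluster-admin":
            continue
        # "subjects" may be missing or null, so fall back to an empty list.
        for s in crb.get("subjects") or []:
            key = (s.get("kind"), s.get("namespace", ""), s.get("name"))
            if key not in allowed:
                findings.append((crb["metadata"]["name"],) + key)
    return sorted(findings)


if __name__ == "__main__":
    for finding in unexpected_cluster_admins(SAMPLE):
        print("unexpected cluster-admin subject:", *finding)
```

On a real cluster the allowlist also needs the built-in `cluster-admin` binding's subject, the `system:masters` group, which Kubernetes creates by default.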