1 Service Accounts
2 Workloads
4 Bindings
4 Low
Description
Helm chart for deploying a multi-tenant etcd cluster.
Overview
| Identity | Namespace | Automount | Secrets | Permissions | Workloads | Risk |
|---|---|---|---|---|---|---|
kamaji-etcd | default | ❌ | — | 4 | 3 | Low |
Numbers in the last two columns indicate how many bindings or workloads involve each ServiceAccount.
Identities
🤖 kamaji-etcd
Namespace: default | Automount: ❌
🔑 Permissions (4)
| Role | Resource | Verbs | Risk | Tags |
|---|---|---|---|---|
Role kamaji-etcd-gen-certs-role | core/secrets | create | Low | |
Role kamaji-etcd-gen-certs-role | apps/statefulsets (restricted to: kamaji-etcd) | get · list · patch · watch | Low | ResourceNameRestricted |
Role kamaji-etcd-gen-certs-role | core/secrets (restricted to: kamaji-etcd-certs) | delete · get · patch | Low | ResourceNameRestricted |
Role kamaji-etcd-gen-certs-role | core/secrets (restricted to: kamaji-etcd-root-client-certs) | delete · get · patch | Low | ResourceNameRestricted |
⚠️ Potential Abuse (1)
The following security risks were found based on the above permissions:
📦 Workloads (3)
| Kind | Name | Container | Image |
|---|---|---|---|
| Job | kamaji-etcd-etcd-setup-1 | kubectl | clastix/kubectl:v1.20 |
| Job | kamaji-etcd-etcd-setup-2 | etcd-client | quay.io/coreos/etcd:v3.5.6 |
| Job | kamaji-etcd-etcd-teardown | kubectl | clastix/kubectl:v1.20 |