dynatrace-operator

Description

The Dynatrace Operator Helm chart for Kubernetes and OpenShift

• https://github.com/Dynatrace/dynatrace-operator

Overview

Numbers in the last two columns indicate how many bindings or workloads involve each ServiceAccount.

Identities

🤖 dynatrace-webhook

Namespace: default  |  Automount: ❌

🔑 Permissions (21)

⚠️ Potential Abuse (5)

The following security risks were found based on the above permissions:

• Read secrets cluster-wide
• Read secrets in a namespace
• Read ConfigMaps in a namespace
• List Namespaces (Cluster Reconnaissance)

📦 Workloads (1)

🤖 dynatrace-oneagent-csi-driver

Namespace: default  |  Automount: ❌

🔑 Permissions (6)

⚠️ Potential Abuse (3)

The following security risks were found based on the above permissions:

• Read secrets in a namespace
• Read ConfigMaps in a namespace

📦 Workloads (4)

🤖 dynatrace-dynakube-oneagent

Namespace: default  |  Automount: ✅

🔑 Permissions (2)

⚠️ Potential Abuse (2)

The following security risks were found based on the above permissions:

• Node proxy GET RCE via WebSocket

📦 Workloads (0)

No workloads use this ServiceAccount.

🤖 dynatrace-logmonitoring

Namespace: default  |  Automount: ❌

🔑 Permissions (2)

⚠️ Potential Abuse (2)

The following security risks were found based on the above permissions:

• Node proxy GET RCE via WebSocket

📦 Workloads (0)

No workloads use this ServiceAccount.

🤖 dynatrace-operator

Namespace: default  |  Automount: ❌

🔑 Permissions (15)

⚠️ Potential Abuse (2)

The following security risks were found based on the above permissions:

• List Namespaces (Cluster Reconnaissance)

📦 Workloads (1)

🤖 dynatrace-otel-collector

Namespace: default  |  Automount: ❌

🔑 Permissions (14)

⚠️ Potential Abuse (2)

The following security risks were found based on the above permissions:

• List Namespaces (Cluster Reconnaissance)

📦 Workloads (0)

No workloads use this ServiceAccount.

🤖 dynatrace-crd-storage-migration

Namespace: default  |  Automount: ❌

🔑 Permissions (4)

⚠️ Potential Abuse (1)

The following security risks were found based on the above permissions:

📦 Workloads (1)

🤖 dynatrace-extension-controller

Namespace: default  |  Automount: ❌

🔑 Permissions (1)

⚠️ Potential Abuse (1)

The following security risks were found based on the above permissions:

📦 Workloads (0)

No workloads use this ServiceAccount.

🤖 dynatrace-activegate

Namespace: default  |  Automount: ❌

🔑 Permissions (0)

No explicit RBAC bindings.

📦 Workloads (0)

No workloads use this ServiceAccount.

🤖 dynatrace-edgeconnect

Namespace: default  |  Automount: ❌

🔑 Permissions (0)

No explicit RBAC bindings.

📦 Workloads (0)

No workloads use this ServiceAccount.

🤖 dynatrace-node-config-collector

Namespace: default  |  Automount: ❌

🔑 Permissions (0)

No explicit RBAC bindings.

📦 Workloads (0)

No workloads use this ServiceAccount.

🤖 dynatrace-sql-ext-exec

Namespace: default  |  Automount: ❌

🔑 Permissions (0)

No explicit RBAC bindings.

📦 Workloads (0)

No workloads use this ServiceAccount.