Description

Gadgets for debugging and introspecting apps

Overview

IdentityNamespaceAutomountSecretsPermissionsWorkloadsRisk
gadgetgadget150High

Numbers in the last two columns indicate how many bindings or workloads involve each ServiceAccount.

Identities

🤖 gadget

Namespace: gadget  |  Automount:

🔑 Permissions (15)

RoleResourceVerbsRiskTags
ClusterRole gadget-cluster-role*/cronjobsgetHighClusterWideAccess WildcardPermission
ClusterRole gadget-cluster-role*/daemonsetsgetHighClusterWideAccess WildcardPermission
ClusterRole gadget-cluster-role*/deploymentsgetHighClusterWideAccess WildcardPermission
ClusterRole gadget-cluster-role*/jobsgetHighClusterWideAccess WildcardPermission
ClusterRole gadget-cluster-role*/replicasetsgetHighClusterWideAccess WildcardPermission
ClusterRole gadget-cluster-role*/replicationcontrollersgetHighClusterWideAccess WildcardPermission
ClusterRole gadget-cluster-role*/statefulsetsgetHighClusterWideAccess WildcardPermission
ClusterRole gadget-cluster-rolecore/namespacesget · list · watchLowClusterStructure InformationDisclosure Reconnaissance
ClusterRole gadget-cluster-rolecore/nodesget · list · watchLow
ClusterRole gadget-cluster-rolecore/podsget · list · watchLow
ClusterRole gadget-cluster-rolesecurity-profiles-operator.x-k8s.io/seccompprofilescreate · list · watchLow
ClusterRole gadget-cluster-rolecore/serviceslistLow
ClusterRole gadget-cluster-rolegadget.kinvolk.io/tracescreate · delete · deletecollection · get · list · patch · update · watchLow
ClusterRole gadget-cluster-rolegadget.kinvolk.io/traces/statuscreate · delete · deletecollection · get · list · patch · update · watchLow
ClusterRole gadget-cluster-rolesecurity.openshift.io/securitycontextconstraints (restricted to: privileged)useLowResourceNameRestricted

⚠️ Potential Abuse (3)

The following security risks were found based on the above permissions:

📦 Workloads (0)

No workloads use this ServiceAccount.