4 Service Accounts
4 Workloads
2 Bindings
2 Low
Description
Kasten’s K10 Data Management Platform
Overview
| Identity | Namespace | Automount | Secrets | Permissions | Workloads | Risk |
|---|---|---|---|---|---|---|
k10-grafana | default | ❌ | — | 1 | 1 | Low |
k10-grafana-test | default | ❌ | — | 1 | 1 | Low |
k10-k10 | default | ❌ | — | 0 | 17 | — |
prometheus-server | default | ❌ | — | 0 | 2 | — |
Numbers in the last two columns indicate how many bindings or workloads involve each ServiceAccount.
Identities
🤖 k10-grafana
Namespace: default | Automount: ❌
🔑 Permissions (1)
| Role | Resource | Verbs | Risk | Tags |
|---|---|---|---|---|
Role k10-grafana | extensions/podsecuritypolicies (restricted to: k10-grafana) | use | Low | ResourceNameRestricted |
⚠️ Potential Abuse (1)
The following security risks were found based on the above permissions:
📦 Workloads (1)
| Kind | Name | Container | Image |
|---|---|---|---|
| Deployment | k10-grafana | grafana | grafana/grafana:8.1.0 |
🤖 k10-grafana-test
Namespace: default | Automount: ❌
🔑 Permissions (1)
| Role | Resource | Verbs | Risk | Tags |
|---|---|---|---|---|
Role k10-grafana-test | policy/podsecuritypolicies (restricted to: k10-grafana-test) | use | Low | ResourceNameRestricted |
⚠️ Potential Abuse (1)
The following security risks were found based on the above permissions:
📦 Workloads (1)
| Kind | Name | Container | Image |
|---|---|---|---|
| Pod | k10-grafana-test | k10-test | bats/bats:v1.1.0 |
🤖 k10-k10
Namespace: default | Automount: ❌
🔑 Permissions (0)
No explicit RBAC bindings.
📦 Workloads (17)
| Kind | Name | Container | Image |
|---|---|---|---|
| Deployment | aggregatedapis-svc | aggregatedapis-svc | gcr.io/kasten-images/aggregatedapis:4.0.11 |
| Deployment | auth-svc | auth-svc | gcr.io/kasten-images/auth:4.0.11 |
| Deployment | catalog-svc | catalog-svc | gcr.io/kasten-images/catalog:4.0.11 |
| Deployment | catalog-svc | kanister-sidecar | ghcr.io/kanisterio/kanister-tools:0.66.0 |
| Deployment | config-svc | config-svc | gcr.io/kasten-images/config:4.0.11 |
| Deployment | crypto-svc | bloblifecyclemanager-svc | gcr.io/kasten-images/bloblifecyclemanager:4.0.11 |
| Deployment | crypto-svc | crypto-svc | gcr.io/kasten-images/crypto:4.0.11 |
| Deployment | dashboardbff-svc | dashboardbff-svc | gcr.io/kasten-images/dashboardbff:4.0.11 |
| Deployment | executor-svc | executor-svc | gcr.io/kasten-images/executor:4.0.11 |
| Deployment | executor-svc | tools | gcr.io/kasten-images/cephtool:4.0.11 |
| Deployment | frontend-svc | frontend-svc | gcr.io/kasten-images/frontend:4.0.11 |
| Deployment | gateway | ambassador | quay.io/datawire/ambassador:1.13.8 |
| Deployment | jobs-svc | jobs-svc | gcr.io/kasten-images/jobs:4.0.11 |
| Deployment | kanister-svc | kanister-svc | gcr.io/kasten-images/kanister:4.0.11 |
| Deployment | logging-svc | logging-svc | gcr.io/kasten-images/logging:4.0.11 |
| Deployment | metering-svc | metering-svc | gcr.io/kasten-images/metering:4.0.11 |
| Deployment | state-svc | state-svc | gcr.io/kasten-images/state:4.0.11 |
🤖 prometheus-server
Namespace: default | Automount: ❌
🔑 Permissions (0)
No explicit RBAC bindings.
📦 Workloads (2)
| Kind | Name | Container | Image |
|---|---|---|---|
| Deployment | prometheus-server | prometheus-server | quay.io/prometheus/prometheus:v2.26.0 |
| Deployment | prometheus-server | prometheus-server-configmap-reload | jimmidyson/configmap-reload:v0.5.0 |