kube-state-metrics :: RBAC ATLAS

Description

Install kube-state-metrics to generate and expose cluster-level metrics

https://github.com/kubernetes/kube-state-metrics/

Overview

Identity	Namespace	Automount	Secrets	Permissions	Workloads	Risk
`kube-state-metrics`	default	✅	—	28	1	Medium

Numbers in the last two columns indicate how many bindings or workloads involve each ServiceAccount.

Identities

🤖 `kube-state-metrics`

Namespace: default | Automount: ✅

🔑 Permissions (28)

Role	Resource	Verbs	Risk	Tags
ClusterRole `kube-state-metrics`	admissionregistration.k8s.io/mutatingwebhookconfigurations	list · watch	Medium	InformationDisclosure Reconnaissance WebhookReconnaissance
ClusterRole `kube-state-metrics`	admissionregistration.k8s.io/validatingwebhookconfigurations	list · watch	Medium	InformationDisclosure Reconnaissance WebhookReconnaissance
ClusterRole `kube-state-metrics`	certificates.k8s.io/certificatesigningrequests	list · watch	Low
ClusterRole `kube-state-metrics`	core/configmaps	list · watch	Low
ClusterRole `kube-state-metrics`	batch/cronjobs	list · watch	Low
ClusterRole `kube-state-metrics`	apps/daemonsets	list · watch	Low
ClusterRole `kube-state-metrics`	apps/deployments	list · watch	Low
ClusterRole `kube-state-metrics`	core/endpoints	list · watch	Low
ClusterRole `kube-state-metrics`	autoscaling/horizontalpodautoscalers	list · watch	Low
ClusterRole `kube-state-metrics`	networking.k8s.io/ingresses	list · watch	Low
ClusterRole `kube-state-metrics`	batch/jobs	list · watch	Low
ClusterRole `kube-state-metrics`	coordination.k8s.io/leases	list · watch	Low
ClusterRole `kube-state-metrics`	core/limitranges	list · watch	Low
ClusterRole `kube-state-metrics`	core/namespaces	list · watch	Low	ClusterStructure InformationDisclosure Reconnaissance
ClusterRole `kube-state-metrics`	networking.k8s.io/networkpolicies	list · watch	Low
ClusterRole `kube-state-metrics`	core/nodes	list · watch	Low
ClusterRole `kube-state-metrics`	core/persistentvolumeclaims	list · watch	Low
ClusterRole `kube-state-metrics`	core/persistentvolumes	list · watch	Low
ClusterRole `kube-state-metrics`	policy/poddisruptionbudgets	list · watch	Low
ClusterRole `kube-state-metrics`	core/pods	list · watch	Low
ClusterRole `kube-state-metrics`	apps/replicasets	list · watch	Low
ClusterRole `kube-state-metrics`	core/replicationcontrollers	list · watch	Low
ClusterRole `kube-state-metrics`	core/resourcequotas	list · watch	Low
ClusterRole `kube-state-metrics`	core/secrets	list · watch	Low
ClusterRole `kube-state-metrics`	core/services	list · watch	Low
ClusterRole `kube-state-metrics`	apps/statefulsets	list · watch	Low
ClusterRole `kube-state-metrics`	storage.k8s.io/storageclasses	list · watch	Low
ClusterRole `kube-state-metrics`	storage.k8s.io/volumeattachments	list · watch	Low

⚠️ Potential Abuse (4)

The following security risks were found based on the above permissions:

📦 Workloads (1)

Kind	Name	Container	Image
Deployment	kube-state-metrics	kube-state-metrics	registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.15.0

kube-state-metrics

Description

Overview

Identities

🤖 kube-state-metrics

🔑 Permissions (28)

⚠️ Potential Abuse (4)

📦 Workloads (1)

🤖 `kube-state-metrics`