Description

A Helm chart for Keptn Certificate Manager, a subproject of Keptn

Overview

| Identity | Namespace | Automount | Secrets | Permissions | Workloads | Risk |
|---|---|---|---|---|---|---|
| certificate-operator | default | | | 9 | 1 | Critical |

Numbers in the last two columns indicate how many bindings or workloads involve each ServiceAccount.


Identities

🤖 certificate-operator

Namespace: default  |  Automount:

🔑 Permissions (9)

| Role | Resource | Verbs | Risk | Tags |
|---|---|---|---|---|
| Role certificate-operator-leader-election-role | coordination.k8s.io/leases | create · delete · get · list · patch · update · watch | Critical | ControlPlaneDisruption CriticalNamespace DenialOfService Tampering |
| Role certificate-operator-leader-election-role | core/configmaps | create · delete · get · list · patch · update · watch | High | ConfigMapAccess DataExposure InformationDisclosure PotentialPrivilegeEscalation Tampering |
| ClusterRole certificate-operator-role | admissionregistration.k8s.io/mutatingwebhookconfigurations | get · list · patch · update · watch | Medium | InformationDisclosure Reconnaissance WebhookReconnaissance |
| ClusterRole certificate-operator-role | admissionregistration.k8s.io/validatingwebhookconfigurations | get · list · patch · update · watch | Medium | InformationDisclosure Reconnaissance WebhookReconnaissance |
| ClusterRole certificate-operator-role | apiextensions.k8s.io/customresourcedefinitions | get · list · patch · update · watch | Low | |
| ClusterRole certificate-operator-role | apps/deployments | get · list · watch | Low | |
| Role certificate-operator-leader-election-role | core/events | create · patch | Low | |
| Role certificate-operator-role | core/secrets | create · list · watch | Low | |
| Role certificate-operator-role | core/secrets (restricted to: keptn-certs) | get · patch · update | Low | ResourceNameRestricted |

⚠️ Potential Abuse (6)

The following security risks were found based on the above permissions:

📦 Workloads (1)

| Kind | Name | Container | Image |
|---|---|---|---|
| Deployment | certificate-operator | certificate-operator | ghcr.io/keptn/certificate-operator:v3.0.0 |