keptn-metrics-operator
v0.5.0
2 Service Accounts
1 Workloads
16 Bindings
1 Critical
3 High
12 Low
Description
A Helm chart for Keptn Metrics Operator, a subproject of Keptn
Overview
Identity | Namespace | Automount | Secrets | Permissions | Workloads | Risk |
---|---|---|---|---|---|---|
metrics-operator | default | ❌ | — | 15 | 1 | Critical |
Numbers in the last two columns indicate how many bindings or workloads involve each ServiceAccount.
Identities
🤖 metrics-operator
Namespace: default
| Automount: ❌
🔑 Permissions (15)
Role | Resource | Verbs | Risk | Tags |
---|---|---|---|---|
Role metrics-operator-leader-election-role | coordination.k8s.io/leases | create · delete · get · list · patch · update · watch | Critical | ControlPlaneDisruption CriticalNamespace DenialOfService Tampering |
ClusterRole metrics-operator-role | core/configmaps | get · list · watch | High | ConfigMapAccess DataExposure InformationDisclosure |
Role metrics-operator-leader-election-role | core/configmaps | create · delete · get · list · patch · update · watch | High | ConfigMapAccess DataExposure InformationDisclosure PotentialPrivilegeEscalation Tampering |
ClusterRole metrics-operator-role | metrics.keptn.sh/analyses | create · delete · get · list · patch · update · watch | Low | |
ClusterRole metrics-operator-role | metrics.keptn.sh/analyses/finalizers | update | Low | |
ClusterRole metrics-operator-role | metrics.keptn.sh/analyses/status | get · patch · update | Low | |
ClusterRole metrics-operator-role | metrics.keptn.sh/analysisdefinitions | get · list · watch | Low | |
ClusterRole metrics-operator-role | metrics.keptn.sh/analysisvaluetemplates | get · list · watch | Low | |
Role metrics-operator-leader-election-role | core/events | create · patch | Low | |
ClusterRole metrics-operator-role | metrics.keptn.sh/keptnmetrics | get · list · watch | Low | |
ClusterRole metrics-operator-role | metrics.keptn.sh/keptnmetrics/finalizers | update | Low | |
ClusterRole metrics-operator-role | metrics.keptn.sh/keptnmetrics/status | get · patch · update | Low | |
ClusterRole metrics-operator-role | metrics.keptn.sh/keptnmetricsproviders | get · list · watch | Low | |
ClusterRole metrics-operator-role | metrics.keptn.sh/providers | get · list · watch | Low | |
ClusterRole metrics-operator-role | core/secrets | get | Low |
⚠️ Potential Abuse (5)
The following security risks were found based on the above permissions:
- Read ConfigMaps cluster-wide
- Read ConfigMaps in a namespace
- Modify ConfigMaps in a namespace
- Manage Leases in kube-system or kube-node-lease namespace
📦 Workloads (1)
Kind | Name | Container | Image |
---|---|---|---|
Deployment | metrics-operator | metrics-operator | ghcr.io/keptn/metrics-operator:v2.1.0 |