Description

Helm chart to deploy altinity-clickhouse-operator. The ClickHouse Operator creates, configures and manages ClickHouse clusters running on Kubernetes.

Overview

IdentityNamespaceAutomountSecretsPermissionsWorkloadsRisk
altinity-clickhouse-operatorntnx-cpaas252Critical

Numbers in the last two columns indicate how many bindings or workloads involve each ServiceAccount.


Identities

🤖 altinity-clickhouse-operator

Namespace: ntnx-cpaas  |  Automount:

🔑 Permissions (25)

RoleResourceVerbsRiskTags
ClusterRole altinity-clickhouse-operatorcore/configmapscreate · delete · get · list · patch · update · watchCriticalConfigMapAccess DataExposure InformationDisclosure PotentialPrivilegeEscalation Tampering
ClusterRole altinity-clickhouse-operatorcore/podsdelete · get · list · patch · update · watchCriticalPotentialPrivilegeEscalation PrivilegeEscalation Tampering WorkloadExecution
ClusterRole altinity-clickhouse-operatorcore/secretscreate · delete · get · list · patch · update · watchCriticalClusterWideSecretAccess CredentialAccess DataExposure InformationDisclosure Persistence (+4 more)
ClusterRole altinity-clickhouse-operatorcore/servicescreate · delete · get · list · patch · update · watchCriticalDenialOfService NetworkManipulation ServiceExposure Tampering
ClusterRole altinity-clickhouse-operatorapps/statefulsetscreate · delete · get · list · patch · update · watchCriticalPersistence PotentialPrivilegeEscalation PrivilegeEscalation Tampering WorkloadLifecycle
ClusterRole altinity-clickhouse-operatorpolicy/poddisruptionbudgetscreate · delete · get · list · patch · update · watchMediumAvailabilityImpact DenialOfService Tampering
ClusterRole altinity-clickhouse-operatorclickhouse.altinity.com/clickhouseinstallationsdelete · get · list · patch · update · watchLow
ClusterRole altinity-clickhouse-operatorclickhouse.altinity.com/clickhouseinstallations/finalizersupdateLow
ClusterRole altinity-clickhouse-operatorclickhouse.altinity.com/clickhouseinstallations/statuscreate · delete · get · patch · updateLow
ClusterRole altinity-clickhouse-operatorclickhouse.altinity.com/clickhouseinstallationtemplatesget · list · watchLow
ClusterRole altinity-clickhouse-operatorclickhouse.altinity.com/clickhouseinstallationtemplates/finalizersupdateLow
ClusterRole altinity-clickhouse-operatorclickhouse.altinity.com/clickhouseinstallationtemplates/statuscreate · delete · get · patch · updateLow
ClusterRole altinity-clickhouse-operatorclickhouse-keeper.altinity.com/clickhousekeeperinstallationsdelete · get · list · patch · update · watchLow
ClusterRole altinity-clickhouse-operatorclickhouse-keeper.altinity.com/clickhousekeeperinstallations/finalizersupdateLow
ClusterRole altinity-clickhouse-operatorclickhouse-keeper.altinity.com/clickhousekeeperinstallations/statuscreate · delete · get · patch · updateLow
ClusterRole altinity-clickhouse-operatorclickhouse.altinity.com/clickhouseoperatorconfigurationsget · list · watchLow
ClusterRole altinity-clickhouse-operatorclickhouse.altinity.com/clickhouseoperatorconfigurations/finalizersupdateLow
ClusterRole altinity-clickhouse-operatorclickhouse.altinity.com/clickhouseoperatorconfigurations/statuscreate · delete · get · patch · updateLow
ClusterRole altinity-clickhouse-operatorapiextensions.k8s.io/customresourcedefinitionsget · listLow
ClusterRole altinity-clickhouse-operatorcore/endpointsget · list · watchLow
ClusterRole altinity-clickhouse-operatorcore/eventscreateLow
ClusterRole altinity-clickhouse-operatorcore/persistentvolumeclaimscreate · delete · get · list · patch · update · watchLow
ClusterRole altinity-clickhouse-operatorcore/persistentvolumesget · list · patch · update · watchLow
ClusterRole altinity-clickhouse-operatorapps/replicasetsdelete · get · patch · updateLow
ClusterRole altinity-clickhouse-operatorapps/deployments (restricted to: altinity-clickhouse-operator)delete · get · patch · updateLowResourceNameRestricted

⚠️ Potential Abuse (16)

The following security risks were found based on the above permissions:

📦 Workloads (2)

KindNameContainerImage
Deploymentaltinity-clickhouse-operatoraltinity-clickhouse-operatorartifactory.dyn.ntnxdpro.com/canaveral-legacy-docker/cpaas-clickhouse-altinity-operator:0.24.2
Deploymentaltinity-clickhouse-operatormetrics-exporterartifactory.dyn.ntnxdpro.com/canaveral-legacy-docker/cpaas-clickhouse-metrics-exporter:0.24.2