2 Service Accounts
3 Workloads
2 Bindings
1 Critical
1 Low
Description
A Helm chart for the nvidia-device-plugin on Kubernetes
Overview
| Identity | Namespace | Automount | Secrets | Permissions | Workloads | Risk |
|---|---|---|---|---|---|---|
nvidia-device-plugin-node-feature-discovery | default | ❌ | — | 2 | 1 | Critical |
nvidia-device-plugin-node-feature-discovery-worker | default | ❌ | — | 0 | 1 | — |
Numbers in the last two columns indicate how many bindings or workloads involve each ServiceAccount.
Identities
🤖 nvidia-device-plugin-node-feature-discovery
Namespace: default | Automount: ❌
🔑 Permissions (2)
| Role | Resource | Verbs | Risk | Tags |
|---|---|---|---|---|
ClusterRole nvidia-device-plugin-node-feature-discovery | core/nodes | get · list · patch · update | Critical | DenialOfService NodeAccess PotentialPrivilegeEscalation Tampering |
ClusterRole nvidia-device-plugin-node-feature-discovery | nfd.k8s-sigs.io/nodefeaturerules | get · list · watch | Low |
⚠️ Potential Abuse (2)
The following security risks were found based on the above permissions:
📦 Workloads (1)
| Kind | Name | Container | Image |
|---|---|---|---|
| Deployment | nvidia-device-plugin-node-feature-discovery-master | master | k8s.gcr.io/nfd/node-feature-discovery:v0.11.0 |
🤖 nvidia-device-plugin-node-feature-discovery-worker
Namespace: default | Automount: ❌
🔑 Permissions (0)
No explicit RBAC bindings.
📦 Workloads (1)
| Kind | Name | Container | Image |
|---|---|---|---|
| DaemonSet | nvidia-device-plugin-node-feature-discovery-worker | worker | k8s.gcr.io/nfd/node-feature-discovery:v0.11.0 |