Description

OpenTelemetry Operator Helm chart for Kubernetes

Overview

IdentityNamespaceAutomountSecretsPermissionsWorkloadsRisk
opentelemetry-operatordefault232Critical

Numbers in the last two columns indicate how many bindings or workloads involve each ServiceAccount.

Identities

🤖 opentelemetry-operator

Namespace: default  |  Automount:

🔑 Permissions (23)

RoleResourceVerbsRiskTags
ClusterRole opentelemetry-operator-managercore/configmapscreate · delete · get · list · patch · update · watchCriticalConfigMapAccess DataExposure InformationDisclosure PotentialPrivilegeEscalation Tampering
ClusterRole opentelemetry-operator-managerapps/daemonsetscreate · delete · get · list · patch · update · watchCriticalNodeAccess Persistence PrivilegeEscalation Tampering WorkloadLifecycle
ClusterRole opentelemetry-operator-managerapps/deploymentscreate · delete · get · list · patch · update · watchCriticalPersistence PotentialPrivilegeEscalation PrivilegeEscalation Tampering WorkloadLifecycle
ClusterRole opentelemetry-operator-managercore/servicescreate · delete · get · list · patch · update · watchCriticalDenialOfService NetworkManipulation ServiceExposure Tampering
ClusterRole opentelemetry-operator-managerapps/statefulsetscreate · delete · get · list · patch · update · watchCriticalPersistence PotentialPrivilegeEscalation PrivilegeEscalation Tampering WorkloadLifecycle
Role opentelemetry-operator-leader-electioncore/configmapscreate · delete · get · list · patch · update · watchHighConfigMapAccess DataExposure InformationDisclosure PotentialPrivilegeEscalation Tampering
ClusterRole opentelemetry-operator-managernetworking.k8s.io/ingressescreate · delete · get · list · patch · update · watchHighDenialOfService NetworkManipulation ServiceExposure Tampering
ClusterRole opentelemetry-operator-managercore/serviceaccountscreate · delete · get · list · patch · update · watchHighIdentityManagement PotentialPrivilegeEscalation Tampering
ClusterRole opentelemetry-operator-proxyauthorization.k8s.io/subjectaccessreviewscreateMediumInformationDisclosure RBACQuery
ClusterRole opentelemetry-operator-proxyauthentication.k8s.io/tokenreviewscreateMediumCredentialAccess InformationDisclosure RBACQuery
Role opentelemetry-operator-leader-electioncore/configmaps/statusget · patch · updateLow
ClusterRole opentelemetry-operator-managerdiscovery.k8s.io/endpointslicesget · list · watchLow
ClusterRole opentelemetry-operator-managercore/eventscreate · patchLow
Role opentelemetry-operator-leader-electioncore/eventscreate · patchLow
ClusterRole opentelemetry-operator-managerautoscaling/horizontalpodautoscalerscreate · delete · get · list · patch · update · watchLow
ClusterRole opentelemetry-operator-manageropentelemetry.io/instrumentationsget · list · patch · update · watchLow
ClusterRole opentelemetry-operator-managercoordination.k8s.io/leasescreate · get · list · updateLow
ClusterRole opentelemetry-operator-managercore/namespaceslist · watchLowClusterStructure InformationDisclosure Reconnaissance
ClusterRole opentelemetry-operator-manageropentelemetry.io/opentelemetrycollectorsget · list · patch · update · watchLow
ClusterRole opentelemetry-operator-manageropentelemetry.io/opentelemetrycollectors/finalizersget · patch · updateLow
ClusterRole opentelemetry-operator-manageropentelemetry.io/opentelemetrycollectors/statusget · patch · updateLow
ClusterRole opentelemetry-operator-managerapps/replicasetsget · list · watchLow
ClusterRole opentelemetry-operator-managerroute.openshift.io/routescreate · delete · get · list · patch · update · watchLow

⚠️ Potential Abuse (19)

The following security risks were found based on the above permissions:

📦 Workloads (2)

KindNameContainerImage
Deploymentopentelemetry-operatorkube-rbac-proxyquay.io/brancz/kube-rbac-proxy:v0.14.1
Deploymentopentelemetry-operatormanagerghcr.io/open-telemetry/opentelemetry-operator/opentelemetry-operator:v0.76.1