2 Service Accounts
2 Workloads
2 Bindings
2 Low
Description
Helm Chart for Capsule Proxy, addon for Capsule, the multi-tenant Operator
Overview
| Identity | Namespace | Automount | Secrets | Permissions | Workloads | Risk |
|---|---|---|---|---|---|---|
capsule-proxy-crds | default | ❌ | — | 2 | 1 | Low |
capsule-proxy | default | ❌ | — | 0 | 2 | — |
Numbers in the last two columns indicate how many bindings or workloads involve each ServiceAccount.
Identities
🤖 capsule-proxy-crds
Namespace: default | Automount: ❌
🔑 Permissions (2)
| Role | Resource | Verbs | Risk | Tags |
|---|---|---|---|---|
ClusterRole capsule-proxy-crds | apiextensions.k8s.io/customresourcedefinitions | create · delete · get · patch | Low | |
ClusterRole capsule-proxy-crds | core/jobs | create · delete | Low |
⚠️ Potential Abuse (1)
The following security risks were found based on the above permissions:
📦 Workloads (1)
| Kind | Name | Container | Image |
|---|---|---|---|
| Job | capsule-proxy-crds | crds-hook | docker.io/clastix/kubectl:v1.20 |
🤖 capsule-proxy
Namespace: default | Automount: ❌
🔑 Permissions (0)
No explicit RBAC bindings.
📦 Workloads (2)
| Kind | Name | Container | Image |
|---|---|---|---|
| Deployment | capsule-proxy | capsule-proxy | ghcr.io/projectcapsule/capsule-proxy:v0.10.1 |
| Job | capsule-proxy-certgen | post-install-job | registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.6.5 |