rancher
v2.11.2
2 Service Accounts
2 Workloads
17 Bindings
17 Low
Description
Install Rancher Server to manage Kubernetes clusters across providers.
Overview
| Identity | Namespace | Automount | Secrets | Permissions | Workloads | Risk |
|---|---|---|---|---|---|---|
rancher-post-delete | default | ❌ | — | 17 | 1 | Low |
rancher | default | ❌ | — | 0 | 1 | — |
Numbers in the last two columns indicate how many bindings or workloads involve each ServiceAccount.
Identities
🤖 rancher-post-delete
Namespace: default | Automount: ❌
🔑 Permissions (17)
| Role | Resource | Verbs | Risk | Tags |
|---|---|---|---|---|
ClusterRole rancher-post-delete | rbac.authorization.k8s.io/clusterrolebindings | create · delete · get · list | Low | |
ClusterRole rancher-post-delete | rbac.authorization.k8s.io/clusterroles | create · delete · get · list | Low | |
ClusterRole rancher-post-delete | core/configmaps | delete · get · list | Low | |
ClusterRole rancher-post-delete | apps/deployments | delete · get · list | Low | |
ClusterRole rancher-post-delete | extensions/deployments | delete · get · list | Low | |
ClusterRole rancher-post-delete | networking.k8s.io/ingresses | delete | Low | |
ClusterRole rancher-post-delete | cert-manager.io/issuers | delete | Low | |
ClusterRole rancher-post-delete | batch/jobs | create · delete · get · list · watch | Low | |
ClusterRole rancher-post-delete | admissionregistration.k8s.io/mutatingwebhookconfigurations | delete · get · list | Low | |
ClusterRole rancher-post-delete | networking.k8s.io/networkpolicies | delete · get · list | Low | |
ClusterRole rancher-post-delete | core/pods | delete · get · list | Low | |
ClusterRole rancher-post-delete | rbac.authorization.k8s.io/rolebindings | create · delete · get · list | Low | |
ClusterRole rancher-post-delete | rbac.authorization.k8s.io/roles | create · delete · get · list | Low | |
ClusterRole rancher-post-delete | core/secrets | delete · get · list | Low | |
ClusterRole rancher-post-delete | core/serviceaccounts | create · delete · get · list | Low | |
ClusterRole rancher-post-delete | core/services | delete · get · list | Low | |
ClusterRole rancher-post-delete | admissionregistration.k8s.io/validatingwebhookconfigurations | delete · get · list | Low |
⚠️ Potential Abuse (1)
The following security risks were found based on the above permissions:
📦 Workloads (1)
| Kind | Name | Container | Image |
|---|---|---|---|
| Job | rancher-post-delete | rancher-post-delete | rancher/shell:v0.4.1 |
🤖 rancher
Namespace: default | Automount: ❌
🔑 Permissions (0)
No explicit RBAC bindings.
📦 Workloads (1)
| Kind | Name | Container | Image |
|---|---|---|---|
| Deployment | rancher | rancher | rancher/rancher:v2.11.2 |