lacework-global-744

Ensure that the cluster-admin role is only used where required (Automated)

Description

The Role-Based Access Control (RBAC) role cluster-admin provides wide-ranging powers over the environment. Use these only where and when needed.

Remediation

Identify all clusterrolebindings to the cluster-admin role. Check whether each one is still in use, and whether it actually needs this role or could use a role with fewer privileges.

Where possible, first bind users to a lower-privileged role and then remove the clusterrolebinding to the cluster-admin role:

kubectl delete clusterrolebinding <name>
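A small audit helper for the identification step above, added here as an example and not part of the Lacework policy or the Kubernetes documentation: it reads the JSON that `kubectl get clusterrolebindings -o json` produces, lists every binding whose roleRef is the cluster-admin ClusterRole together with its subjects, and separates the API server's default system:masters binding from the bindings a reviewer can actually replace and remove. The sample input is constructed, and every binding name in it other than the default cluster-admin binding is hypothetical.

```python
import json
import sys
# Constructed sample in the shape of `kubectl get clusterrolebindings -o json`,
# trimmed to the fields this audit reads. Names other than the default
# "cluster-admin" binding are hypothetical.
SAMPLE = json.dumps({"kind": "ClusterRoleBindingList", "items": [
    {"metadata": {"name": "cluster-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "Group", "name": "system:masters"}]},
    {"metadata": {"name": "ci-deployer-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "ServiceAccount", "name": "deployer", "namespace": "ci"}]},
    {"metadata": {"name": "read-only-devs"},
     "roleRef": {"kind": "ClusterRole", "name": "view"},
     "subjects": [{"kind": "Group", "name": "devs"}]},
    {"metadata": {"name": "orphaned-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"}},
]})

def cluster_admin_bindings(binding_list_json):
    """Return [(binding name, [subjects])] for every binding whose roleRef is the cluster-admin ClusterRole."""
    findings = []
    for item in json.loads(binding_list_json).get("items", []):
        ref = item.get("roleRef", {})
        if ref.get("kind") != "ClusterRole" or ref.get("name") != "cluster-admin":
            continue
        subjects = []
        for s in item.get("subjects") or []:  # "subjects" is optional; a binding with none grants nothing
            ns = s.get("namespace")
            subjects.append(f"{s['kind']}:{ns + '/' if ns else ''}{s['name']}")
        findings.append((item["metadata"]["name"], subjects))
    return findings

def review_lines(binding_list_json):
    """One reviewer line per finding, carrying the remediation step from the policy text."""
    lines = []
    for name, subjects in cluster_admin_bindings(binding_list_json):
        if name == "cluster-admin" and subjects == ["Group:system:masters"]:
            note = "default binding created by the API server; control membership of system:masters instead"
        elif not subjects:
            note = f"grants nothing; safe to run: kubectl delete clusterrolebinding {name}"
        else:
            note = f"bind to a narrower role first, then: kubectl delete clusterrolebinding {name}"
        lines.append(f"{name}: {', '.join(subjects) or '-'}  [{note}]")
    return lines

if __name__ == "__main__":
    data = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    print("\n".join(review_lines(data)))
```

Run it against a live cluster with `kubectl get clusterrolebindings -o json > crb.json && python3 audit.py crb.json`; without an argument it reviews the constructed sample.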

References

https://kubernetes.io/docs/concepts/cluster-administration/
https://kubernetes.io/docs/reference/access-authn-authz/rbac/