lacework-global-744
Ensure that the cluster-admin role is only used where required (Automated)
Description
The Role-Based Access Control (RBAC) role cluster-admin provides wide-ranging powers over the environment. Use these only where and when needed.
Remediation
Identify all clusterrolebindings to the cluster-admin role. Check if they are in use and if they need this role or if they could use a role with fewer privileges.
Where possible, first bind users to a lower-privileged role and then remove the clusterrolebinding to the cluster-admin role:
kubectl delete clusterrolebinding <name>
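One way to carry out the identification step, shown as an added example that is not part of the original policy text: the function below takes the JSON printed by `kubectl get clusterrolebindings -o json` and lists every subject bound to cluster-admin. The sample input, the binding and subject names in it, and the function name are constructed for illustration.

```python
import json

# Constructed sample shaped like `kubectl get clusterrolebindings -o json`
# output; the binding and subject names are made up for illustration.
SAMPLE = json.dumps({"items": [
    {"metadata": {"name": "cluster-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "Group", "name": "system:masters"}]},
    {"metadata": {"name": "ci-deployer-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "ServiceAccount", "name": "ci-deployer",
                   "namespace": "build"}]},
    {"metadata": {"name": "legacy-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": None},
    {"metadata": {"name": "read-only"},
     "roleRef": {"kind": "ClusterRole", "name": "view"},
     "subjects": [{"kind": "User", "name": "alice@example.com"}]},
]})


def cluster_admin_bindings(raw_json):
    """Return (binding, subject, note) for each ClusterRoleBinding to cluster-admin."""
    findings = []
    for item in json.loads(raw_json).get("items", []):
        ref = item.get("roleRef", {})
        if ref.get("kind") != "ClusterRole" or ref.get("name") != "cluster-admin":
            continue
        binding = item["metadata"]["name"]
        subjects = item.get("subjects") or []
        if not subjects:
            # A binding without subjects grants nothing and can simply be deleted.
            findings.append((binding, "-", "no subjects"))
        for s in subjects:
            label = s["kind"] + ":" + s["name"]
            if s["kind"] == "ServiceAccount":
                label = "ServiceAccount:%s/%s" % (s.get("namespace", "?"), s["name"])
            # Kubernetes ships a default binding of cluster-admin to system:masters.
            default = (binding == "cluster-admin" and s["kind"] == "Group"
                       and s["name"] == "system:masters")
            findings.append((binding, label, "default" if default else "review"))
    return findings


if __name__ == "__main__":
    # To audit a live cluster, pass the kubectl JSON output instead of SAMPLE.
    for row in cluster_admin_bindings(SAMPLE):
        print("%-20s %-35s %s" % row)
```

Rows marked "review" are the bindings to check for actual use and possible replacement with a lower-privileged role before deleting them.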
References
https://kubernetes.io/docs/concepts/cluster-administration/
https://kubernetes.io/docs/reference/access-authn-authz/rbac/