-
Bug
-
Resolution: Won't Do
-
Minor
-
None
-
4.13, 4.12, 4.11, 4.10, 4.14
-
None
-
None
-
False
-
Description of problem:
bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2066691 According http://static.open-scap.org/ssg-guides/ssg-ocp4-guide-cis.html#xccdf_org.ssgproject.content_rule_rbac_wildcard_use the usage of wildcard in ClusterRole and Roles should be prevented as best as possible. Further, one should refrain from using `cluster-admin` permissions to comply with CIS security requirements. It's therefore requested to review the below serviceAccount and their associated Roles as they were found not to be compliant with the above and restrict permissions further to the extend possible. - system:serviceaccount:openshift-kube-scheduler-operator:openshift-kube-scheduler-operator - system:serviceaccount:openshift-kube-scheduler:installer-sa - system:serviceaccount:openshift-kube-scheduler:localhost-recovery-client
Version-Release number of selected component (if applicable):
How reproducible:
Steps to Reproduce:
1. 2. 3.
Actual results:
Expected results:
Additional info:
- is related to
-
OCPBUGS-5804 openshift: kube-controller-manager: Minimize wildcard/privilege Usage in Cluster and Local Roles [openshift-4]
- Closed