Ensure that the cluster-admin role is only used where required
An XCCDF Rule
Description
The RBAC role cluster-admin provides wide-ranging powers over the environment and should be used only where and when needed.
Rationale
Kubernetes provides a set of default roles where RBAC is used. Some of these roles, such as cluster-admin, provide wide-ranging privileges which should only be applied where absolutely necessary. Roles such as cluster-admin allow super-user access to perform any action on any resource. When used in a ClusterRoleBinding, it gives full control over every resource in the cluster and in all namespaces. When used in a RoleBinding, it gives full control over every resource in the RoleBinding's namespace, including the namespace itself.
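The following audit helper is an added example, not part of the XCCDF rule content: it walks a list of ClusterRoleBindings and RoleBindings in the JSON shape that `kubectl get clusterrolebindings,rolebindings -A -o json` returns, reports every subject bound to the cluster-admin ClusterRole, and records the scope the rationale distinguishes (cluster-wide vs. a single namespace). The sample data is constructed, and the exemption of the built-in `cluster-admin` ClusterRoleBinding for `system:masters` is an assumption about what an operator considers acceptable.

```python
# Constructed sample in the shape of `kubectl ... -o json` output, trimmed to
# the fields this check needs. Not data from a real cluster.
SAMPLE_BINDINGS = {
    "items": [
        {"kind": "ClusterRoleBinding", "metadata": {"name": "cluster-admin"},
         "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
         "subjects": [{"kind": "Group", "name": "system:masters"}]},
        {"kind": "ClusterRoleBinding", "metadata": {"name": "ci-admin"},
         "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
         "subjects": [{"kind": "ServiceAccount", "name": "ci", "namespace": "build"}]},
        {"kind": "RoleBinding", "metadata": {"name": "dev-admin", "namespace": "dev"},
         "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
         "subjects": [{"kind": "User", "name": "alice"}]},
        {"kind": "RoleBinding", "metadata": {"name": "dev-view", "namespace": "dev"},
         "roleRef": {"kind": "ClusterRole", "name": "view"},
         "subjects": [{"kind": "User", "name": "bob"}]},
    ]
}


def find_cluster_admin_bindings(bindings, allowed=("cluster-admin",)):
    """Return one finding per subject bound to the cluster-admin ClusterRole.

    `allowed` lists ClusterRoleBinding names to skip. The default skips only
    the binding Kubernetes itself creates for system:masters (an assumed
    exemption; pass allowed=() to report it as well).
    """
    findings = []
    for b in bindings.get("items", []):
        ref = b.get("roleRef", {})
        if ref.get("kind") != "ClusterRole" or ref.get("name") != "cluster-admin":
            continue
        name = b["metadata"]["name"]
        if b["kind"] == "ClusterRoleBinding" and name in allowed:
            continue
        # A ClusterRoleBinding grants the role cluster-wide; a RoleBinding
        # confines it to the binding's own namespace.
        scope = "cluster" if b["kind"] == "ClusterRoleBinding" else b["metadata"]["namespace"]
        for s in b.get("subjects", []):
            who = s["name"] if "namespace" not in s else "%s/%s" % (s["namespace"], s["name"])
            findings.append({"binding": name, "scope": scope, "subject": s["kind"] + ":" + who})
    return findings


if __name__ == "__main__":
    for finding in find_cluster_admin_bindings(SAMPLE_BINDINGS):
        print(finding)
```

Any finding with scope "cluster" is the case the rationale warns about most strongly; a namespaced finding still grants full control of that namespace, including deleting it.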
- ID: xccdf_org.ssgproject.content_rule_rbac_limit_cluster_admin
- Severity: Medium
- References:
- Updated: