Skip to main content

Measures

RBAC

Important Measures

The following questions need to be addressed:

Who is allowed to create clusterroles/roles and bindings?
Should only one person be responsible for this, or e.g. someone for clusterroles, someone else for roles and again someone else for the respective bindings?
Which clusterroles should there be?
Which Roles should there be?
Which naming convention makes sense?
What is not covered by RBAC?
How are elements not covered by RBAC handled?

Included in the following risks

Set Kubernetes application roles/rights