kubernetes/sig-security

Kubernetes RBAC Best Practices Guide

raesene opened this issue · 5 comments

Following on from discussion at the last SIG-Security Docs meeting, there's an idea to have a Kubernetes RBAC best practices page. Covering topics like general good practices and also rights which could present a risk of privilege escalation.

In terms of location on the k/website, one idea was to place it under the security concepts page.

Working draft is on HackMD at https://hackmd.io/Tkr1H6dfR1Gu3jcczbCmlw .

cc @savitharaghunathan @reylejano

/sig security docs

To make it actionable, it would be nice if the following could be tackled:

  • How can we identify highly privileged / potentially misconfigured (Cluster)Roles in a running cluster?
  • How can we scan resource files for these, ahead of deployment time?

Some ideas (incomplete): kubiscan (runtime), regula (resource files).

Some other infrastructure-as-code scanning tools officially support K8s, but are not specifically looking at RBAC configurations.

Yeah, if we can add tooling/review sections, I think that'd be useful. I think there's a couple of levels to work at. Describing general principles is useful in case the user's case isn't specifically covered later (e.g. generally avoiding `*` is a good idea, but it probably can't be a hard-and-fast rule), and then tooling/hard examples are good as well for precise things that can be easily scanned/reviewed for, either at runtime or in IaC scanning.
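As a concrete illustration of the two questions raised above (spotting over-privileged (Cluster)Roles in a running cluster, and checking resource files before deployment) and of the "avoid `*`" principle, here is an added example that is not part of this thread, the guide, or any of the tools named in it. It is a standard-library Python script that takes either the JSON `kubectl get clusterroles,roles -A -o json` prints or a single JSON Role/ClusterRole manifest, and reports rules that deserve review: wildcard verbs or resources, and a short list of verb/resource pairs that are well known to allow a subject to gain more than it was granted (`escalate`/`bind` on RBAC objects, `impersonate`, reading Secrets, creating or exec-ing into pods). The `RISKY_RULES` list and the embedded `SAMPLE` document are assumptions constructed for this example; adjust the list to your own risk model.

```python
"""Flag RBAC rules that deserve review, from kubectl JSON output or a JSON manifest.

Usage (added example, not from the thread):
  kubectl get clusterroles,roles -A -o json | python rbac_review.py /dev/stdin
  python rbac_review.py role.json
  python rbac_review.py            # runs against the constructed SAMPLE below
JSON is used rather than YAML so the script needs only the standard library.
"""
import json
import sys

WILDCARD = "*"

# Verb/resource pairs that commonly let a subject obtain more than it was given.
# This is an assumed starting list for the example, not an exhaustive one.
RISKY_RULES = [
    ({"escalate", "bind"},
     {"roles", "clusterroles", "rolebindings", "clusterrolebindings"},
     "can grant RBAC rights beyond its own (escalate/bind)"),
    ({"impersonate"}, {"users", "groups", "serviceaccounts"},
     "can impersonate other identities"),
    ({"get", "list", "watch"}, {"secrets"},
     "can read Secrets"),
    ({"create"}, {"pods", "pods/exec", "pods/attach"},
     "can create pods or exec into them (code execution in the cluster)"),
]


def _matches(granted, wanted):
    """True if the rule grants any of `wanted`, explicitly or via a wildcard."""
    return WILDCARD in granted or bool(granted & wanted)


def find_risks(role):
    """Return human-readable reasons a Role/ClusterRole needs review (empty if none)."""
    reasons = []
    for rule in role.get("rules", []):
        verbs = {v.lower() for v in rule.get("verbs", [])}
        resources = {r.lower() for r in rule.get("resources", [])}
        if WILDCARD in verbs and WILDCARD in resources:
            reasons.append("wildcard verbs on wildcard resources (cluster-admin equivalent)")
            continue  # every finding below is implied by this one
        if WILDCARD in verbs or WILDCARD in resources:
            reasons.append("uses a wildcard verb or resource: %s on %s"
                           % (sorted(verbs), sorted(resources)))
        for risky_verbs, risky_resources, why in RISKY_RULES:
            if _matches(verbs, risky_verbs) and _matches(resources, risky_resources):
                reasons.append(why)
    return list(dict.fromkeys(reasons))  # de-duplicate, keep order


def scan(doc):
    """Accept one Role/ClusterRole or a kubectl `List`; return {name: reasons}."""
    items = doc.get("items", []) if doc.get("kind") == "List" else [doc]
    report = {}
    for role in items:
        if role.get("kind") not in ("Role", "ClusterRole"):
            continue
        reasons = find_risks(role)
        if not reasons:
            continue
        meta = role["metadata"]
        key = meta["name"] if role["kind"] == "ClusterRole" else \
            "%s/%s" % (meta.get("namespace", "default"), meta["name"])
        report[key] = reasons
    return report


# Constructed sample in the shape of `kubectl get ... -o json`; not from a real cluster.
SAMPLE = {
    "kind": "List", "apiVersion": "v1",
    "items": [
        {"kind": "ClusterRole", "apiVersion": "rbac.authorization.k8s.io/v1",
         "metadata": {"name": "example-admin"},
         "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
        {"kind": "ClusterRole", "apiVersion": "rbac.authorization.k8s.io/v1",
         "metadata": {"name": "example-binder"},
         "rules": [{"apiGroups": ["rbac.authorization.k8s.io"],
                    "resources": ["clusterrolebindings"], "verbs": ["create", "bind"]}]},
        {"kind": "Role", "apiVersion": "rbac.authorization.k8s.io/v1",
         "metadata": {"name": "example-secret-reader", "namespace": "payments"},
         "rules": [{"apiGroups": [""], "resources": ["secrets"], "verbs": ["get", "list"]}]},
        {"kind": "Role", "apiVersion": "rbac.authorization.k8s.io/v1",
         "metadata": {"name": "example-pod-viewer", "namespace": "payments"},
         "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list", "watch"]}]},
    ],
}

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            doc = json.load(fh)
    else:
        doc = SAMPLE
    for name, reasons in scan(doc).items():
        print(name)
        for why in reasons:
            print("  -", why)
```

On the sample, `example-pod-viewer` produces no finding, while the other three are reported with a single reason each; the same function works unchanged on a manifest checked into a repo, which is what makes it usable both at runtime and in a pre-deployment check. Note that the script ignores `apiGroups` and `resourceNames`, so it errs toward flagging; a production check would narrow matches by group and treat name-scoped rules differently.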

There's a decent array of Kubernetes RBAC tools, some more for the list that might be worth considering.

Now that the RBAC good practice guide has been merged and is available here, should we close this issue?

@savitharaghunathan: Closing this issue.

In response to this:

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.