helm-charts

Make Secret Rule Configurable in ClusterRole

Open gavk34 opened this issue 4 years ago • 0 comments

I am of the understanding that the rule

- apiGroups:
  - ""
  resources:
  - secrets
  verbs:
  - get
  - list
  - watch
  - create
  - patch
  - update

is necessary for TLS termination, i.e. managing secrets for Ingress resources. If a user does not wish to utilise TLS/secrets (like we do) then it makes sense not to grant such a powerful permission to the ClusterRole. I raise this because creating this ClusterRole in Azure AKS triggered a security alert on Defender for "New high privileges role detected".

gavk34 Dec 01 '21 09:12
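
Added example, not part of the original issue or the chart's own code: a Python check that reads a ClusterRole exported as JSON (for example with `kubectl get clusterrole <name> -o json`) and reports every rule that grants access to Secrets, including wildcard rules. The role name and the sample manifest are constructed for illustration; rule 1 of the sample is the rule quoted in the issue.

```python
import json

READ = {"get", "list", "watch"}
WRITE = {"create", "patch", "update", "delete", "deletecollection"}

# Constructed sample: a ClusterRole as JSON; rule 1 is the rule quoted in the issue.
SAMPLE = """
{"kind": "ClusterRole",
 "metadata": {"name": "example-ingress-controller"},
 "rules": [
  {"apiGroups": [""], "resources": ["configmaps"], "verbs": ["get", "list", "watch"]},
  {"apiGroups": [""], "resources": ["secrets"],
   "verbs": ["get", "list", "watch", "create", "patch", "update"]}
 ]}
"""

def secret_rules(role):
    """Return one finding per rule that grants access to core-group Secrets."""
    findings = []
    for index, rule in enumerate(role.get("rules") or []):
        groups = set(rule.get("apiGroups") or [])
        resources = set(rule.get("resources") or [])
        # Secrets live in the core ("") API group; "*" wildcards also match them.
        if not (groups & {"", "*"}) or not (resources & {"secrets", "*"}):
            continue
        verbs = set(rule.get("verbs") or [])
        if "*" in verbs:
            verbs = READ | WRITE
        findings.append({
            "rule": index,
            "read": sorted(verbs & READ),
            "write": sorted(verbs & WRITE),
            # resourceNames narrows the grant to specific named Secrets.
            "scoped": bool(rule.get("resourceNames")),
            # A ClusterRole can be bound cluster-wide via a ClusterRoleBinding.
            "cluster_wide": role.get("kind") == "ClusterRole",
        })
    return findings

def audit(manifest_json):
    """Parse one Role/ClusterRole manifest and return (name, findings)."""
    role = json.loads(manifest_json)
    return role["metadata"]["name"], secret_rules(role)

if __name__ == "__main__":
    name, findings = audit(SAMPLE)
    for finding in findings:
        print(name, finding)
```

An empty result for a role means none of its rules reach Secrets, which is the state the issue asks to be able to configure.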