MITRE, YAML-scanning, AllControls
Attackers may attempt to destroy data and resources in the cluster. This includes deleting deployments, configurations, storage, and compute resources.
ClusterRole, ClusterRoleBinding, Role, RoleBinding
Check which subjects have delete/deletecollection RBAC permissions on workloads.
You should follow the least privilege principle and minimize the number of subjects that can delete resources. When reviewing rules, remember that a wildcard in `verbs` (`["*"]`) or `resources` (`["*"]`) grants delete and deletecollection as well, so those rules count even though the verbs are not spelled out.
```yaml
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  namespace: default
  name: pod-exec
rules:
- apiGroups: ["*"]
  resources: ["secrets","pods","services","deployments","replicasets","daemonsets","statefulsets","jobs","cronjobs"] # we look for one of these resources or *
  verbs: ["delete","deletecollection"] # we look for one of these verbs or *
```
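As an added example (not Kubescape's own code, and not the Rego the control actually runs), the script below performs the same check offline: it walks every Role and ClusterRole for delete/deletecollection on the resources listed above (treating `*` as a match, as the example's comments describe), then resolves the RoleBindings and ClusterRoleBindings that hand those roles to subjects. It assumes its input is the `items` array of `kubectl get roles,clusterroles,rolebindings,clusterrolebindings -A -o json`; the embedded `SAMPLE_ITEMS` is a constructed stand-in for that output, and the role, binding and subject names in it are invented.

```python
"""Report RBAC subjects that can delete workload resources.

Added example, not Kubescape's own code. It walks Role/ClusterRole rules for
delete/deletecollection on the resources the control lists, then resolves the
RoleBindings/ClusterRoleBindings that grant those roles to subjects. Input is
a list of RBAC objects shaped like the "items" array returned by
`kubectl get roles,clusterroles,rolebindings,clusterrolebindings -A -o json`.
"""
import json
import sys

WATCHED_RESOURCES = {
    "secrets", "pods", "services", "deployments", "replicasets",
    "daemonsets", "statefulsets", "jobs", "cronjobs",
}
DESTRUCTIVE_VERBS = {"delete", "deletecollection"}


def _matched(rule_values, wanted):
    """Subset of `wanted` that a rule field grants; "*" grants all of it."""
    if "*" in rule_values:
        return set(wanted)
    return set(rule_values) & wanted


def destructive_resources(role):
    """Watched resources on which a Role/ClusterRole grants a destructive verb."""
    hit = set()
    for rule in role.get("rules", []):
        if not _matched(rule.get("verbs", []), DESTRUCTIVE_VERBS):
            continue
        # apiGroups is deliberately not filtered: like the control's example
        # (apiGroups: ["*"]), any group counts, so a rule cannot hide behind one.
        hit |= _matched(rule.get("resources", []), WATCHED_RESOURCES)
    return hit


def _subject_id(subject):
    """Render a binding subject as Kind:[namespace/]name."""
    if subject["kind"] == "ServiceAccount":
        return f"ServiceAccount:{subject.get('namespace', '')}/{subject['name']}"
    return f"{subject['kind']}:{subject['name']}"


def find_destructive_subjects(items):
    """Return one finding per (binding, subject) that can delete watched resources."""
    roles = {}
    for obj in items:
        if obj["kind"] in ("Role", "ClusterRole"):
            ns = obj["metadata"].get("namespace", "") if obj["kind"] == "Role" else ""
            roles[(obj["kind"], ns, obj["metadata"]["name"])] = obj

    findings = []
    for obj in items:
        if obj["kind"] not in ("RoleBinding", "ClusterRoleBinding"):
            continue
        ref = obj["roleRef"]
        # A RoleBinding may reference a Role in its own namespace or a ClusterRole;
        # a ClusterRoleBinding only ever references a ClusterRole.
        ns = obj["metadata"].get("namespace", "") if ref["kind"] == "Role" else ""
        role = roles.get((ref["kind"], ns, ref["name"]))
        if role is None:
            continue  # dangling roleRef grants nothing
        resources = destructive_resources(role)
        if not resources:
            continue
        binding = obj["metadata"]["name"]
        if obj["kind"] == "RoleBinding":
            binding = f"{obj['metadata']['namespace']}/{binding}"
        for subject in obj.get("subjects", []):
            findings.append({
                "subject": _subject_id(subject),
                "binding": f"{obj['kind']} {binding}",
                "role": f"{ref['kind']} {ref['name']}",
                "resources": sorted(resources),
            })
    return findings


# Constructed sample input (hypothetical names, not from a real cluster).
SAMPLE_ITEMS = [
    {"kind": "ClusterRole", "metadata": {"name": "ops-admin"},
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
    {"kind": "Role", "metadata": {"name": "deploy-cleaner", "namespace": "default"},
     "rules": [{"apiGroups": ["apps"], "resources": ["deployments", "replicasets"],
                "verbs": ["get", "list", "delete"]}]},
    {"kind": "Role", "metadata": {"name": "pod-reader", "namespace": "default"},
     "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list", "watch"]}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "ops-admin-binding"},
     "roleRef": {"kind": "ClusterRole", "name": "ops-admin"},
     "subjects": [{"kind": "User", "name": "alice"}]},
    {"kind": "RoleBinding", "metadata": {"name": "deploy-cleaner-binding", "namespace": "default"},
     "roleRef": {"kind": "Role", "name": "deploy-cleaner"},
     "subjects": [{"kind": "ServiceAccount", "name": "ci-bot", "namespace": "default"}]},
    {"kind": "RoleBinding", "metadata": {"name": "pod-reader-binding", "namespace": "default"},
     "roleRef": {"kind": "Role", "name": "pod-reader"},
     "subjects": [{"kind": "ServiceAccount", "name": "viewer", "namespace": "default"}]},
]

if __name__ == "__main__":
    # Pass a file saved from the kubectl command above, else use the sample.
    items = json.load(open(sys.argv[1]))["items"] if len(sys.argv) > 1 else SAMPLE_ITEMS
    for f in find_destructive_subjects(items):
        print(f"{f['subject']} via {f['binding']} -> {f['role']}: {', '.join(f['resources'])}")
```

On the sample, the wildcard ClusterRole surfaces `alice` with every watched resource, the `ci-bot` service account is reported only for deployments and replicasets, and the read-only `viewer` account does not appear. Run it against a real dump to get the list of subjects to trim; aggregated ClusterRoles (`aggregationRule`) are only covered to the extent the API server has already merged their rules into the dumped object.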
Updated about 2 months ago