Namespace without service accounts

Framework

ArmoBest, AllControls

Severity

Low

Description of the the issue

It is recommended not to use default service account anywhere in production environment. This control identifies all namespaces without explicit non-default service account.

Related resources

Namespace, ServiceAccount

What does this control test

Return all namespaces without any serviceaccounts besides 'default'

Remediation

Assign explicit service account to every namespace. Reduce RBAC capabilities of such service account to a minimum. Don't allow even read permissions unless it is absolutely necessary.

Example

No example