github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-10-22 03:49:36 +00:00
Code Issues Projects Releases Wiki Activity

Honor the principle of least privilege for CNCF deployment

Browse Source 
Instead of giving a lot of permissions set only the needed ones
This commit is contained in:
Néstor Salceda
2018-11-09 17:45:30 +01:00
parent 4696519deb
commit 1da02bf3ff
2 changed files with 5 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
integrations/kubernetes-response-engine/deployment/cncf/Makefile
View File

@@ -1,10 +1,11 @@
deploy:
kubectl apply -f nats/
kubectl apply -f kubeless/
kubectl apply -f network-policy.yaml
kubectl apply -f ../cluster-role.yaml
kubectl apply -f .
clean:
kubectl delete -f kubeless/
kubectl delete -f nats/
kubectl delete -f .
kubectl delete -f ../cluster-role.yaml

5
integrations/kubernetes-response-engine/deployment/cncf/rbac.yaml → integrations/kubernetes-response-engine/deployment/cncf/cluster-role-binding.yaml
View File

@@ -1,12 +1,13 @@
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: sysdig-kubeless
name: kubernetes-response-engine-cluster-role-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
name: kubernetes-response-engine-cluster-role
subjects:
- kind: ServiceAccount
name: default
namespace: default
apiGroup: rbac.authorization.k8s.io