mirror of
https://github.com/falcosecurity/falco.git
synced 2025-07-04 02:16:46 +00:00
Honor the principle of least privilege for CNCF deployment
Instead of giving a lot of permissions set only the needed ones
This commit is contained in:
Néstor Salceda
parent
4696519deb
commit
1da02bf3ff
@ -1,10 +1,11 @@
|
|||||||
deploy:
|
deploy:
|
||||||
kubectl apply -f nats/
|
kubectl apply -f nats/
|
||||||
kubectl apply -f kubeless/
|
kubectl apply -f kubeless/
|
||||||
kubectl apply -f network-policy.yaml
|
kubectl apply -f ../cluster-role.yaml
|
||||||
kubectl apply -f .
|
kubectl apply -f .
|
||||||
|
|
||||||
clean:
|
clean:
|
||||||
kubectl delete -f kubeless/
|
kubectl delete -f kubeless/
|
||||||
kubectl delete -f nats/
|
kubectl delete -f nats/
|
||||||
kubectl delete -f .
|
kubectl delete -f .
|
||||||
|
kubectl delete -f ../cluster-role.yaml
|
||||||
|
|||||||
@ -1,12 +1,13 @@
|
|||||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||||
kind: ClusterRoleBinding
|
kind: ClusterRoleBinding
|
||||||
metadata:
|
metadata:
|
||||||
name: sysdig-kubeless
|
name: kubernetes-response-engine-cluster-role-binding
|
||||||
roleRef:
|
roleRef:
|
||||||
apiGroup: rbac.authorization.k8s.io
|
apiGroup: rbac.authorization.k8s.io
|
||||||
kind: ClusterRole
|
kind: ClusterRole
|
||||||
name: cluster-admin
|
name: kubernetes-response-engine-cluster-role
|
||||||
subjects:
|
subjects:
|
||||||
- kind: ServiceAccount
|
- kind: ServiceAccount
|
||||||
name: default
|
name: default
|
||||||
namespace: default
|
namespace: default
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
Loading…
Reference in New Issue
Block a user