Controller of pods with default service account

Best practices

Controller of pods with default service account

Risk Level

Informational (4)

Platform(s)

Compliance Frameworks

AKS CIS
EKS CIS
GKE CIS
ISO/IEC 27001
K8s CIS
K8s OWASP Top 10
Mitre ATT&CK v12
New Zealand Information Security Manual
NIST 800-53

Description

Controllers are responsible for pods state using a declaration of pod definition. Pods utilize a service account associated with them to communicate with the Kubernetes API, and that service account is mounted by default to any newly created containers. Orca has detected that the Controller {K8sController} creates pods with a default service account, which is not recommended and not part of the best practices.

Recommended Mitigation

Consider changing {K8sController}'s role according to the least privilege principle.

Controller of pods with default service account

Description

Need help?

CLOUD SECURITY PLATFORM

TECHNOLOGY ECOSYSTEM

By Solution

By Industry

COMPARISONS