Adapters: Reduce Privileges of `nimbus-k8tls` Adapter

Open anurag-rajawat opened this issue 1 year ago • 0 comments

Description

The nimbus-k8tls adapter currently has overly broad permissions, including the ability to manage ClusterRole and ClusterRoleBinding resources. These permissions are considered highly privileged.

We propose reducing these permissions by pre-packaging the required ClusterRole and ClusterRoleBinding resources within its Helm chart, so that when the adapter is deployed using Helm, these resources will be created automatically by Helm, eliminating the need for the adapter to have direct management permissions.

References:

https://github.com/5GSEC/nimbus/blob/8e63ed38eb52edadaaec5c13721a7d5372f04154/pkg/adapter/nimbus-k8tls/manager/k8tls.go#L23-L24
https://github.com/5GSEC/nimbus/blob/8e63ed38eb52edadaaec5c13721a7d5372f04154/pkg/adapter/nimbus-k8tls/manager/k8tls.go#L166
https://github.com/5GSEC/nimbus/blob/8e63ed38eb52edadaaec5c13721a7d5372f04154/pkg/adapter/nimbus-k8tls/manager/k8tls.go#L181

Helm chart: https://github.com/5GSEC/nimbus/tree/main/deployments/nimbus-k8tls

anurag-rajawat, Jul 18 '24 08:07
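An added example, not part of the issue or of the nimbus code base: a small Go check that could run in CI against a rendered ClusterRole (as JSON) to confirm the adapter's role no longer carries write access to ClusterRole or ClusterRoleBinding resources. The function names and the sample role are hypothetical and constructed for illustration; the adapter's real rules are not shown on this page.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Values that make a rule an RBAC-management grant; "*" is the RBAC wildcard.
var (
	groups    = map[string]bool{"*": true, "rbac.authorization.k8s.io": true}
	resources = map[string]bool{"*": true, "clusterroles": true, "clusterrolebindings": true}
	verbs     = map[string]bool{"*": true, "create": true, "update": true, "patch": true, "delete": true, "deletecollection": true, "bind": true, "escalate": true}
)

// matches reports whether any entry of list is in set.
func matches(list []string, set map[string]bool) bool {
	for _, v := range list {
		if set[v] {
			return true
		}
	}
	return false
}

// RBACWriteRules returns the indexes of rules that allow changing ClusterRoles or ClusterRoleBindings.
func RBACWriteRules(manifest []byte) ([]int, error) {
	var role struct {
		Rules []struct{ APIGroups, Resources, Verbs []string }
	}
	if err := json.Unmarshal(manifest, &role); err != nil {
		return nil, err
	}
	var hits []int
	for i, r := range role.Rules {
		if matches(r.APIGroups, groups) && matches(r.Resources, resources) && matches(r.Verbs, verbs) {
			hits = append(hits, i)
		}
	}
	return hits, nil
}

func main() {
	// Constructed ClusterRole, not the adapter's real one: rules 1 and 2 are RBAC-management grants.
	sample := `{"rules":[{"apiGroups":["batch"],"resources":["cronjobs"],"verbs":["create"]},
	 {"apiGroups":["rbac.authorization.k8s.io"],"resources":["clusterrolebindings"],"verbs":["get","create"]},
	 {"apiGroups":["*"],"resources":["*"],"verbs":["*"]}]}`
	fmt.Println(RBACWriteRules([]byte(sample)))
}
```

Read-only verbs (get, list, watch) on RBAC resources are deliberately not flagged, since the proposal only removes the adapter's ability to manage those resources.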