Enable usage of different service accounts for Kube-Bench, Kube-Hunter, Trivy, ... #646
christianhuth started this conversation in Development
Problem:
At the moment, every pod started by the starboard operator will use the service account associated with the starboard-operator pod. This is bad in cases where you want the starboard operator to run, e.g., without root privileges. Then, e.g., kube-bench is not able to start.
Solution:
Start kube-bench, kube-hunter and trivy-scanner pods with their own service account, so we can give these pods their needed privileges via PSP and RBAC.
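What the proposal above would let a cluster admin do, as an added example that is not part of the original post or of Starboard: a dedicated service account for kube-bench scan pods, bound by RBAC to its own PodSecurityPolicy, so the operator's service account can stay unprivileged. All names are hypothetical; the example assumes kube-bench needs `hostPID` and read-only host paths, and a cluster older than Kubernetes 1.25, where `policy/v1beta1` PodSecurityPolicy still exists.

```yaml
# Added example; namespace, ServiceAccount, PSP and Role names are hypothetical.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: starboard-kube-bench
  namespace: starboard-operator
---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: starboard-kube-bench
spec:
  privileged: false
  allowPrivilegeEscalation: false
  hostPID: true                      # assumption: kube-bench inspects host processes
  volumes: ["hostPath", "secret", "projected"]
  allowedHostPaths:                  # assumption: node config is read from these prefixes
    - {pathPrefix: /etc, readOnly: true}
    - {pathPrefix: /var/lib, readOnly: true}
  runAsUser: {rule: RunAsAny}
  seLinux: {rule: RunAsAny}
  supplementalGroups: {rule: RunAsAny}
  fsGroup: {rule: RunAsAny}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: use-psp-kube-bench
  namespace: starboard-operator
rules:
  - apiGroups: ["policy"]
    resources: ["podsecuritypolicies"]
    resourceNames: ["starboard-kube-bench"]   # only this policy, nothing broader
    verbs: ["use"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: use-psp-kube-bench
  namespace: starboard-operator
subjects:
  - kind: ServiceAccount
    name: starboard-kube-bench
    namespace: starboard-operator
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: use-psp-kube-bench
```

Because the binding names only the scanner's service account, the relaxed policy applies to pods that set `serviceAccountName: starboard-kube-bench` and not to the operator pod or the other scanners.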