I got some security feedback suggesting that we shouldn't assign 'bind', 'escalate', or 'impersonate' permissions to any principals. The most notable roles mentioned were 'admin' and 'edit'. I'm considering removing these roles and switching to custom roles that grant only the necessary privileges. However, I'm a bit of a beginner when it comes to Kubernetes security, and I'm wondering if completely removing these roles is a good move. Would it complicate things for us down the line? Is this a common best practice to follow? Thanks in advance!
2 Answers
I wouldn’t recommend deleting the admin role. Just don't role-bind it and opt for a custom role instead. Keeping the admin role around can be beneficial even if you don’t actively use it.
Creating custom roles with minimal permissions is definitely the right approach. Just make sure to thoroughly create and test those custom roles before you remove the existing 'admin' and 'edit' roles. By the way, if your developers have admin permissions, consider limiting those as well—it's best to hide admin access behind a more secure method.
Thanks! I'm all in on using custom roles for the least privilege. Just wasn't sure if removing the 'admin' role might cause major issues since I'm still learning about K8s.
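One way to take stock before moving bindings over to custom roles, as an added example that is not part of the original thread: a small Python audit that lists roles granting 'bind', 'escalate', or 'impersonate', and the bindings that hand those roles (or the built-in 'admin' and 'edit') to subjects. The sample objects and their names (`shop`, `app-deployer`, `ns-helper`, `devs-edit`, `ci-deploy`) are constructed; in practice the input would be the `items` list of a `kubectl get ... -o json` export.

```python
import json

RISKY_VERBS = {"bind", "escalate", "impersonate"}
BROAD_BUILTINS = {"admin", "edit"}  # ClusterRoles named in the question above

# Constructed sample in the shape of the "items" list from
# `kubectl get clusterroles,roles,clusterrolebindings,rolebindings -A -o json`.
SAMPLE = json.loads("""[
 {"kind":"ClusterRole","metadata":{"name":"edit"},
  "rules":[{"apiGroups":[""],"resources":["serviceaccounts"],"verbs":["impersonate"]}]},
 {"kind":"Role","metadata":{"name":"app-deployer","namespace":"shop"},
  "rules":[{"apiGroups":["apps"],"resources":["deployments"],"verbs":["get","list","patch"]}]},
 {"kind":"Role","metadata":{"name":"ns-helper","namespace":"shop"},
  "rules":[{"apiGroups":["rbac.authorization.k8s.io"],"resources":["roles"],"verbs":["*"]}]},
 {"kind":"RoleBinding","metadata":{"name":"devs-edit","namespace":"shop"},
  "roleRef":{"kind":"ClusterRole","name":"edit"},"subjects":[{"kind":"Group","name":"developers"}]},
 {"kind":"RoleBinding","metadata":{"name":"ci-deploy","namespace":"shop"},
  "roleRef":{"kind":"Role","name":"app-deployer"},"subjects":[{"kind":"ServiceAccount","name":"ci"}]}
]""")

def risky_verbs(role):
    """Risky verbs a Role/ClusterRole grants (verb-level check; '*' counts as all three)."""
    found = set()
    for rule in role.get("rules") or []:
        verbs = set(rule.get("verbs") or [])
        found |= RISKY_VERBS if "*" in verbs else verbs & RISKY_VERBS
    return sorted(found)

def audit(items):
    """Return (flagged roles -> risky verbs, bindings that grant a flagged role)."""
    flagged = {}
    for o in items:
        if o["kind"] in ("Role", "ClusterRole"):
            verbs = risky_verbs(o)
            if verbs or (o["kind"] == "ClusterRole" and o["metadata"]["name"] in BROAD_BUILTINS):
                flagged[(o["kind"], o["metadata"].get("namespace"), o["metadata"]["name"])] = verbs
    hits = []
    for o in items:
        if o["kind"] in ("RoleBinding", "ClusterRoleBinding"):
            ref = o["roleRef"]
            # A Role reference resolves in the binding's namespace; a ClusterRole has none.
            ns = o["metadata"].get("namespace") if ref["kind"] == "Role" else None
            builtin = ref["kind"] == "ClusterRole" and ref["name"] in BROAD_BUILTINS
            if builtin or (ref["kind"], ns, ref["name"]) in flagged:
                subjects = [f'{s["kind"]}/{s["name"]}' for s in o.get("subjects") or []]
                hits.append((o["metadata"]["name"], ref["name"], subjects))
    return flagged, hits

if __name__ == "__main__":
    print(audit(SAMPLE))
```

The bindings it reports are the ones to re-point at a tested custom role; the built-in roles themselves can stay in the cluster unbound, as the first answer suggests.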