C-0060 - Namespace without service accounts

Namespace without service accounts



Description of the the issue

It is recommended not to use default service account anywhere in production environment. This control identifies all namespaces without explicit non-default service account.

Related resources

Namespace, ServiceAccount

What does this control test

Return all namespaces without any serviceaccounts besides 'default'


Assign explicit service account to every namespace. Reduce RBAC capabilities of such service account to a minimum. Don't allow even read permissions unless it is absolutely necessary.


No example

Did this page help you?