According http://static.open-scap.org/ssg-guides/ssg-ocp4-guide-cis.html#xccdf_org.ssgproject.content_rule_rbac_wildcard_use the usage of wildcard in ClusterRole and Roles should be prevented as best as possible. Further, one should refrain from using `cluster-admin` permissions to comply with CIS security requirements. It's therefore requested to review the below serviceAccount and their associated Roles as they were found not to be compliant with the above and restrict permissions further to the extend possible. - system:serviceaccount:openshift-ingress-operator:ingress-operator
Setting blocker-. I have the same questions for this BZ as I have for bug 2066670: > Further, one should refrain from using `cluster-admin` permissions to comply > with CIS security requirements. Which clusterrole or binding is this referring to? Is this request part of a larger audit of cluster operators?
This issue is stale and has been closed because it has been open 90 days or more with no noted activity/comments in the last 60 days. If this issue is crucial and still needs resolution, please open a new jira issue and the engineering team will triage and prioritize accordingly.