Namespace ci project
Created by alice · 2025-01-10 09:25:00 (498d ago)
Resurrectable ServiceAccount identities here (1)
Surviving cluster-scoped grants address an SA name in this namespace even though the SA object is gone.
| Severity | Principal | Surviving grants |
|---|---|---|
| critical | pipeline resurrectable |
ClusterRoleBindingci-pipeline-clusteradmin
→
cluster-admin
(RBAC)
SCCanyuid
→
anyuid
(SCC user list)
|
Why this category — 1 signal
| Category | Reason |
|---|---|
| project | annotation openshift.io/requester=alice (created via `oc new-project` / Console) |
ServiceAccounts (2)
| Name | Created |
|---|---|
| builder | 1y |
| default | 1y |
Pods (1)
| Pod | Phase | SCC | ServiceAccount | Created |
|---|---|---|---|---|
| build-run-1 | Running | anyuid | builder | 1y |
SCC admissions in this namespace (1)
Which SCCs admitted the pods running here, and how many.
| SCC | Pods | Privileged |
|---|---|---|
| anyuid | 1 | no |
ServiceAccounts from this namespace used elsewhere
Bindings outside ci that grant access to SAs that live here.
Via RoleBindings in other namespaces (2)
| ServiceAccount | Binding | Role |
|---|---|---|
| builder | RoleBinding/ci-builder-deploy-mine in mine-platform | edit |
| builder | RoleBinding/ci-builder-pushes-shared in shared-images | system:image-builder |
Via ClusterRoleBindings (1)
| ServiceAccount | Binding | Role |
|---|---|---|
| pipeline | ClusterRoleBinding/ci-pipeline-clusteradmin | cluster-admin cluster-admin |
Images and ImageStreams here
Images running here (1)
| Image | Registry | Containers |
|---|---|---|
| quay.io/buildah/stable:v1.35 | quay.io | 1 |
RoleBindings (0)
None.
Subjects with access here (7)
Subjects with namespace-effective access here — local RoleBindings, cluster-wide bindings with namespaced resource rules, cross-namespace SAs, groups, and system grants — in one table. Sorted by power so cluster-admin grants surface first. Filter by access bucket or subject kind.
2 rows shown · 7 total
| Subject | Role | Scope | Binding | Source |
|---|---|---|---|---|
| User alice htpasswd-backed | cluster-admin | cluster | ClusterRoleBinding/platform-admins-cluster-admin | ClusterRoleBinding |
| User future-hire@company.com ghost | admin | cluster | ClusterRoleBinding/ghost-future-employee | ClusterRoleBinding |