Namespace mine-platform project privileged pods
Created by alice · 2025-01-10 09:20:00 (498d ago)
Why this category — 1 signal
| Category | Reason |
|---|---|
| project | annotation openshift.io/requester=alice (created via `oc new-project` / Console) |
ServiceAccounts (2)
| Name | Created |
|---|---|
| builder | 1y |
| default | 1y |
Pods (3)
| Pod | Phase | SCC | ServiceAccount | Created |
|---|---|---|---|---|
| privileged-debug | Running | privileged | builder | 1y |
| api-2 | Running | anyuid | builder | 1y |
| api-1 | Running | anyuid | builder | 1y |
SCC admissions in this namespace (2)
Which SCCs admitted the pods running here, and how many.
| SCC | Pods | Privileged |
|---|---|---|
| anyuid | 2 | no |
| privileged | 1 | yes |
ServiceAccounts from this namespace used elsewhere
Bindings outside mine-platform that grant access to SAs that live here.
Via RoleBindings in other namespaces (1)
| ServiceAccount | Binding | Role |
|---|---|---|
| default | RoleBinding/mine-pulls-shared in shared-images | system:image-puller |
Via ClusterRoleBindings (0)
None.
Images and ImageStreams here
ImageStreams owned by this namespace (1)
- api
Images running here (3)
| Image | Registry | Containers |
|---|---|---|
| docker.io/library/nginx:1.25 | docker.io | 2 |
| …openshift-image-registry.svc:5000/mine-platform/api:latest | image-registry.openshift-image-registry.svc:5000 | 1 |
| registry.redhat.io/rhel8/support-tools:latest | registry.redhat.io | 1 |
RoleBindings (6)
| Name | Role | Subjects | Created |
|---|---|---|---|
| mine-builder-use-anyuid | ClusterRole system:openshift:scc:anyuid | ServiceAccountbuilder | 1y |
| ci-builder-deploy-mine | ClusterRole edit | ServiceAccountbuilder (ci) | 1y |
| manual-approver-restarter | Role deployment-restarter | Usermanual-approver | 1y |
| alice-config-reader | Role config-reader | Useralice | 1y |
| admin-rb-copy | ClusterRole admin admin | Groupengineers | 1y |
| admin-rb | ClusterRole admin admin | Groupengineers | 1y |
Subjects with access here (18)
Subjects with namespace-effective access here — local RoleBindings, cluster-wide bindings with namespaced resource rules, cross-namespace SAs, groups, and system grants — in one table. Sorted by power so cluster-admin grants surface first. Filter by access bucket or subject kind.
10 rows shown · 18 total
| Subject | Role | Scope | Binding | Source |
|---|---|---|---|---|
| User alice htpasswd-backed | cluster-admin | cluster | ClusterRoleBinding/platform-admins-cluster-admin | ClusterRoleBinding |
| User future-hire@company.com ghost | admin | cluster | ClusterRoleBinding/ghost-future-employee | ClusterRoleBinding |
| User alice htpasswd-backed | admin | namespace:mine-platform | RoleBinding/admin-rb | Local RoleBinding |
| User alice htpasswd-backed | admin | namespace:mine-platform | RoleBinding/admin-rb-copy | Local RoleBinding |
| User eve htpasswd-backed | admin | namespace:mine-platform | RoleBinding/admin-rb | Local RoleBinding |
| User eve htpasswd-backed | admin | namespace:mine-platform | RoleBinding/admin-rb-copy | Local RoleBinding |
| User nina-onboarding ghost latent | admin | namespace:mine-platform | RoleBinding/admin-rb | Local RoleBinding |
| User nina-onboarding ghost latent | admin | namespace:mine-platform | RoleBinding/admin-rb-copy | Local RoleBinding |
| User alice htpasswd-backed | config-reader | namespace:mine-platform | RoleBinding/alice-config-reader | Local RoleBinding |
| User manual-approver No ID | deployment-restarter | namespace:mine-platform | RoleBinding/manual-approver-restarter | Local RoleBinding |