generated from coulomb/repo-seed
1.0 KiB
1.0 KiB
id, title, status, created_by_workplan
| id | title | status | created_by_workplan |
|---|---|---|---|
| benchmark/caring/kubernetes-rbac/readme | CARING Kubernetes RBAC Benchmark Workspace | candidate | ITC-WP-0010 |
CARING Kubernetes RBAC Benchmark
This workspace analyzes Kubernetes RBAC as a CARING benchmark, not as a shortcut profile. It is designed to stress access-governance orthogonality across Access Control, Organization, Governance, Security, Landscape, DevSecOps, Network, Observability, Task, and Tagging.
The benchmark keeps Kubernetes native constructs separate from CARING meaning:
RoleandClusterRoleare rule bundles or capability profiles, not automatically CARING canonical roles.RoleBindingandClusterRoleBindingare grants or assignments.ServiceAccountis a service subject and a workload identity anchor.Namespaceis a useful scope signal, but it is not automatically a tenant boundary.
Indexed benchmark artifacts:
benchmark.yamlnative-concepts.yamlcaring-mapping.yamlaccess-descriptors.yamlfindings-and-canon-pressure.yaml