---
id: benchmark/caring/kubernetes-rbac/readme
title: CARING Kubernetes RBAC Benchmark Workspace
status: candidate
created_by_workplan: ITC-WP-0010
---
# CARING Kubernetes RBAC Benchmark

This workspace analyzes Kubernetes RBAC as a CARING benchmark, not as a
shortcut profile. It is designed to stress access-governance orthogonality
across Access Control, Organization, Governance, Security, Landscape,
DevSecOps, Network, Observability, Task, and Tagging.

The benchmark keeps Kubernetes native constructs separate from CARING meaning:

- `Role` and `ClusterRole` are rule bundles or capability profiles, not
  automatically CARING canonical roles.
- `RoleBinding` and `ClusterRoleBinding` are grants or assignments.
- `ServiceAccount` is a service subject and a workload identity anchor.
- `Namespace` is a useful scope signal, but it is not automatically a tenant
  boundary.

Indexed benchmark artifacts:

- `benchmark.yaml`
- `native-concepts.yaml`
- `caring-mapping.yaml`
- `access-descriptors.yaml`
- `findings-and-canon-pressure.yaml`
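
The separation of native constructs listed above can be exercised on raw RBAC objects. The following is an added example, not part of the benchmark artifacts: it resolves each binding into a grant (subject, scope, rule bundle) and flags a `ServiceAccount` that receives rights in a namespace other than its own, which is why a namespace is only a scope signal. The sample objects are constructed, and the output field names (`binding`, `subject`, `scope`, `rules`, `cross_namespace`) are hypothetical, not the schema of `access-descriptors.yaml`.

```python
# Constructed sample objects (not taken from the benchmark's YAML files).
OBJECTS = [
    {"kind": "ClusterRole", "metadata": {"name": "secret-reader"},
     "rules": [{"apiGroups": [""], "resources": ["secrets"], "verbs": ["get", "list"]}]},
    {"kind": "Role", "metadata": {"name": "pod-editor", "namespace": "team-a"},
     "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["update"]}]},
    {"kind": "RoleBinding", "metadata": {"name": "rb1", "namespace": "team-a"},
     "roleRef": {"kind": "ClusterRole", "name": "secret-reader"},
     "subjects": [{"kind": "ServiceAccount", "name": "ci", "namespace": "team-b"}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "crb1"},
     "roleRef": {"kind": "ClusterRole", "name": "secret-reader"},
     "subjects": [{"kind": "ServiceAccount", "name": "backup", "namespace": "ops"}]},
]

def resolve_grants(objects):
    """Turn bindings into grant records; field names are hypothetical."""
    # Rule bundles keyed by (kind, namespace, name); a ClusterRole has no namespace.
    bundles = {(o["kind"], o["metadata"].get("namespace"), o["metadata"]["name"]): o["rules"]
               for o in objects if o["kind"] in ("Role", "ClusterRole")}
    grants = []
    for o in objects:
        if o["kind"] not in ("RoleBinding", "ClusterRoleBinding"):
            continue
        # A RoleBinding limits the grant to its own namespace, even for a ClusterRole.
        scope = o["metadata"].get("namespace") if o["kind"] == "RoleBinding" else None
        ref = o["roleRef"]
        # A Role is looked up in the binding's namespace, a ClusterRole cluster-wide.
        ref_ns = scope if ref["kind"] == "Role" else None
        for s in o.get("subjects", []):
            ns = s.get("namespace")
            grants.append({
                "binding": o["metadata"]["name"],
                "subject": s["kind"] + ":" + (ns + "/" if ns else "") + s["name"],
                "scope": scope or "<cluster>",
                "rules": bundles.get((ref["kind"], ref_ns, ref["name"])),  # None: dangling roleRef
                # Workload identity from one namespace holding rights in another.
                "cross_namespace": s["kind"] == "ServiceAccount" and scope is not None and ns != scope,
            })
    return grants

if __name__ == "__main__":
    for g in resolve_grants(OBJECTS):
        print(g["binding"], g["subject"], g["scope"], "cross_namespace=%s" % g["cross_namespace"])
```
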