generated from coulomb/repo-seed
---
id: benchmark/caring/kubernetes-rbac/readme
title: CARING Kubernetes RBAC Benchmark Workspace
status: candidate
created_by_workplan: ITC-WP-0010
---

# CARING Kubernetes RBAC Benchmark

This workspace analyzes Kubernetes RBAC as a CARING benchmark, not as a
shortcut profile. It is designed to stress access-governance orthogonality
across Access Control, Organization, Governance, Security, Landscape,
DevSecOps, Network, Observability, Task, and Tagging.

The benchmark keeps Kubernetes native constructs separate from CARING meaning:

- `Role` and `ClusterRole` are rule bundles or capability profiles, not
  automatically CARING canonical roles.
- `RoleBinding` and `ClusterRoleBinding` are grants or assignments.
- `ServiceAccount` is a service subject and a workload identity anchor.
- `Namespace` is a useful scope signal, but it is not automatically a tenant
  boundary.
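
The separation above, as an added example that is not one of this workspace's artifacts: it joins each binding (grant) to the rule bundle it references and flags grants whose `ServiceAccount` subject lives outside the granted scope, which is why a namespace alone is only a scope signal. The manifests, object names, and the `resolve_grants` and `crosses_namespace` helpers are constructed for illustration.

```python
# Constructed sample manifests as plain dicts (not taken from the benchmark's YAML files).
OBJECTS = [
    {"kind": "ClusterRole", "metadata": {"name": "secret-reader"},
     "rules": [{"apiGroups": [""], "resources": ["secrets"], "verbs": ["get", "list"]}]},
    {"kind": "Role", "metadata": {"name": "pod-viewer", "namespace": "team-a"},
     "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get"]}]},
    {"kind": "RoleBinding", "metadata": {"name": "a-views-pods", "namespace": "team-a"},
     "roleRef": {"kind": "Role", "name": "pod-viewer"},
     "subjects": [{"kind": "ServiceAccount", "name": "app", "namespace": "team-a"}]},
    {"kind": "RoleBinding", "metadata": {"name": "b-reads-a-secrets", "namespace": "team-a"},
     "roleRef": {"kind": "ClusterRole", "name": "secret-reader"},
     "subjects": [{"kind": "ServiceAccount", "name": "ci", "namespace": "team-b"}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "ops-secrets"},
     "roleRef": {"kind": "ClusterRole", "name": "secret-reader"},
     "subjects": [{"kind": "ServiceAccount", "name": "ops", "namespace": "platform"}]},
]

def resolve_grants(objects):
    """Join every binding (grant) to its rule bundle; return one record per subject."""
    bundles = {}
    for o in objects:
        if o["kind"] in ("Role", "ClusterRole"):
            ns = o["metadata"].get("namespace")  # None for a ClusterRole
            bundles[(o["kind"], ns, o["metadata"]["name"])] = o["rules"]
    grants = []
    for o in objects:
        if o["kind"] not in ("RoleBinding", "ClusterRoleBinding"):
            continue
        # A RoleBinding grants only inside its own namespace, even for a ClusterRole.
        scope = o["metadata"]["namespace"] if o["kind"] == "RoleBinding" else "*"
        ref = o["roleRef"]
        ref_ns = scope if ref["kind"] == "Role" else None
        rules = bundles.get((ref["kind"], ref_ns, ref["name"]), [])
        for s in o.get("subjects", []):
            subject = (s["kind"], s.get("namespace"), s["name"])
            grants.append({"binding": o["metadata"]["name"], "subject": subject,
                           "scope": scope, "rules": rules})
    return grants

def crosses_namespace(grant):
    """True when a ServiceAccount is granted access outside its own namespace."""
    kind, ns, _ = grant["subject"]
    return kind == "ServiceAccount" and grant["scope"] != ns
```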

Indexed benchmark artifacts:

- `benchmark.yaml`
- `native-concepts.yaml`
- `caring-mapping.yaml`
- `access-descriptors.yaml`
- `findings-and-canon-pressure.yaml`