smom-dbis-138/docs/archive/status-reports/operations-legacy/REVIEW_RBAC.md

RBAC Review

Overview

RBAC (Role-Based Access Control) has been configured for the besu-network namespace.

Service Accounts Created

  1. besu-validator - For validator pods
  2. besu-sentry - For sentry pods
  3. besu-rpc - For RPC pods
  4. oracle-publisher - For oracle publisher service
  5. rpc-gateway - For RPC gateway

Roles Created

keyvault-reader

  • Purpose: Read secrets from Azure Key Vault
  • Permissions: get and list on secrets
  • Scope: besu-network namespace

RoleBindings Created

  1. validator-keyvault-reader - Binds validator service account to keyvault-reader role
  2. oracle-keyvault-reader - Binds oracle publisher service account to keyvault-reader role

Validation

Run the validation script:

./scripts/validation/validate-rbac.sh

Application

Apply RBAC configuration:

kubectl apply -f k8s/rbac/service-accounts.yaml

Testing

Verify that each service account holds only the permissions listed above and that every pod runs under the service account intended for it.
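A static least-privilege check of the access matrix this review describes, as an added example that is not the project's validate-rbac.sh: the Role, RoleBindings and service-account names come from the sections above, but the manifests are constructed here as Python dicts because k8s/rbac/service-accounts.yaml itself is not shown, and the helper names allowed_verbs and audit are my own.

```python
# Constructed manifests mirroring the review's description; the real
# k8s/rbac/service-accounts.yaml is not on the page, so these are assumptions.
NAMESPACE = "besu-network"
ROLES = {
    "keyvault-reader": [
        {"apiGroups": [""], "resources": ["secrets"], "verbs": ["get", "list"]},
    ],
}
ROLE_BINDINGS = [
    {"name": "validator-keyvault-reader", "role": "keyvault-reader",
     "subjects": [("ServiceAccount", "besu-validator", NAMESPACE)]},
    {"name": "oracle-keyvault-reader", "role": "keyvault-reader",
     "subjects": [("ServiceAccount", "oracle-publisher", NAMESPACE)]},
]
SERVICE_ACCOUNTS = ["besu-validator", "besu-sentry", "besu-rpc",
                    "oracle-publisher", "rpc-gateway"]

# Expected access matrix from the review: only the validator and the oracle
# publisher may read secrets, and only with get/list.
EXPECTED_SECRET_VERBS = {
    "besu-validator": {"get", "list"}, "oracle-publisher": {"get", "list"},
    "besu-sentry": set(), "besu-rpc": set(), "rpc-gateway": set(),
}

def allowed_verbs(sa, resource, api_group=""):
    """Verbs `sa` may use on `resource`, resolved RoleBinding -> Role -> rules.
    A '*' in apiGroups or resources is treated as a wildcard match."""
    verbs = set()
    for rb in ROLE_BINDINGS:
        if ("ServiceAccount", sa, NAMESPACE) not in rb["subjects"]:
            continue
        for rule in ROLES.get(rb["role"], []):
            groups, resources = rule["apiGroups"], rule["resources"]
            if ({api_group, "*"} & set(groups)) and ({resource, "*"} & set(resources)):
                verbs.update(rule["verbs"])
    return verbs

def audit():
    """Return (service_account, finding) pairs; an empty list means the
    manifests match the review's intended matrix. A '*' verb is always excess."""
    findings = []
    for sa in SERVICE_ACCOUNTS:
        actual, expected = allowed_verbs(sa, "secrets"), EXPECTED_SECRET_VERBS[sa]
        if actual - expected:
            findings.append((sa, f"over-privileged on secrets: {sorted(actual)}"))
        elif expected - actual:
            findings.append((sa, f"missing verbs on secrets: {sorted(expected - actual)}"))
    return findings
```

Against a live cluster the same matrix can be confirmed per account with kubectl auth can-i --as=system:serviceaccount:besu-network:<name> get secrets -n besu-network, which should answer "no" for the sentry, RPC and gateway accounts.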