agent-zero is an LLM agent; cluster-admin let raw kubectl bypass the MCP layer to read every Secret / exec any pod. Swap for a read-only ClusterRole (no secrets/configmaps/exec/writes) so sensitive + mutating actions go through gated MCP tools.

Already applied live + verified (secrets/exec/write -> Forbidden, observe stays); this makes it durable so ArgoCD selfHeal doesn't revert to cluster-admin.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
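A CI-style check for the property this commit relies on, as an added example (not code from the repository): it lints a ClusterRole's rules for any grant on secrets, configmaps or pods/exec, and for any verb beyond get/list/watch. Both rule lists are constructed samples; the commit's actual ClusterRole is not shown on the page, and the function names are hypothetical.

```python
# Added example: lint RBAC rules for the grants this commit removes.
READ_VERBS = {"get", "list", "watch"}
SENSITIVE = {"secrets", "configmaps"}  # excluded entirely, reads included


def _covers(pattern, resource):
    """True if an RBAC resource pattern matches 'resource' or 'resource/sub'."""
    if pattern == "*" or pattern == resource:
        return True
    base, _, sub = resource.partition("/")
    p_base, _, p_sub = pattern.partition("/")
    # Subresource forms: 'pods/*', '*/exec', '*/*'
    return bool(sub) and p_base in ("*", base) and p_sub in ("*", sub)


def findings(rules):
    """Return a sorted list of violations for a list of RBAC rule dicts."""
    out = set()
    for rule in rules:
        for pat in rule.get("resources", []):
            for res in SENSITIVE:
                if _covers(pat, res):
                    out.add(f"{res}: granted via '{pat}'")
            # Any verb on pods/exec is flagged, not only 'create'.
            if _covers(pat, "pods/exec"):
                out.add(f"pods/exec: granted via '{pat}'")
        extra = set(rule.get("verbs", [])) - READ_VERBS
        if extra:
            out.add("non-read verbs: " + ",".join(sorted(extra)))
    return sorted(out)


# Constructed sample: the shape of the built-in cluster-admin role.
CLUSTER_ADMIN = [
    {"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]},
    {"nonResourceURLs": ["*"], "verbs": ["*"]},
]
# Constructed sample: an observe-only role (assumed resource list).
READ_ONLY = [
    {"apiGroups": [""], "resources": ["pods", "pods/log", "services", "nodes",
                                      "events", "namespaces"],
     "verbs": ["get", "list", "watch"]},
    {"apiGroups": ["apps"], "resources": ["deployments", "statefulsets"],
     "verbs": ["get", "list", "watch"]},
]

if __name__ == "__main__":
    for name, rules in (("cluster-admin", CLUSTER_ADMIN), ("read-only", READ_ONLY)):
        print(name, findings(rules) or "clean")
```

Run against the rendered manifest in the GitOps repository, a non-empty result fails the build before ArgoCD can sync a role that reopens the bypass.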