I’ve spent the last few weeks trying to set up a secure GKE cluster. But I’ve hit a wall where it seems impossible to find a solution to my (seemingly) simple issue.
I want to block myself and everyone else from reading the secret and running kubectl exec on a specific customer pod. I’ve tried brute-force solutions like in this blog post, but I start thinking there is no way to achieve what I need since deleting every single clusterrole and its binding doesn’t affect me when I run
Is there a way to apply RBAC on a pod and its secrets from EVERYONE (sysadmins, devs, owners)?
Kubernetes version: 1.24.9-gke.3200
Cloud being used: GKE
Host OS: Container OS
CNI and version: Cilium
CRI and version:
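Before reasoning about whether RBAC alone can fence off a pod and its secret, a practitioner wants a plain list of which subjects actually end up with the two permissions involved (get on secrets, create on pods/exec) once every ClusterRoleBinding and RoleBinding is combined. The script below is an added example, not from the original post or from Kubernetes itself. It evaluates constructed ClusterRole, Role and binding objects laid out like the JSON `kubectl get ... -o json` returns; every role, subject and namespace name in it is hypothetical, and it only understands exact resource names plus the `*` wildcard (no `pods/*`, no aggregated roles, no resourceNames).

```python
"""Audit constructed RBAC objects for who can read Secrets or exec into Pods.

Added example, not taken from the post above. All objects below are constructed
sample data with hypothetical names, not output from a real cluster.
"""

# (apiGroup, resource, verb) triples a defender cares about for this question.
# Note: pods/exec is a subresource; a rule has to name it (or use "*") to grant it.
PERMISSIONS = {
    "read-secrets": ("", "secrets", "get"),
    "exec-pods": ("", "pods/exec", "create"),
}


def rule_matches(rule, api_group, resource, verb):
    """True if a single RBAC rule grants `verb` on `api_group`/`resource`.
    Simplification: only exact names and the '*' wildcard are handled."""
    groups = rule.get("apiGroups", [])
    resources = rule.get("resources", [])
    verbs = rule.get("verbs", [])
    return (("*" in groups or api_group in groups)
            and ("*" in resources or resource in resources)
            and ("*" in verbs or verb in verbs))


def role_grants(role, api_group, resource, verb):
    """True if any rule of a Role/ClusterRole grants the permission."""
    return any(rule_matches(r, api_group, resource, verb) for r in role.get("rules", []))


def audit(cluster_roles, roles, cluster_role_bindings, role_bindings, namespace):
    """Return {permission: sorted 'Kind:name' subjects} effective in `namespace`.

    ClusterRoleBindings apply in every namespace. RoleBindings apply only in
    their own namespace and may reference a Role there or a ClusterRole."""
    cr_by_name = {r["metadata"]["name"]: r for r in cluster_roles}
    role_by_key = {(r["metadata"]["namespace"], r["metadata"]["name"]): r for r in roles}
    found = {p: set() for p in PERMISSIONS}

    def record(role_obj, subjects):
        for perm, (group, resource, verb) in PERMISSIONS.items():
            if role_grants(role_obj, group, resource, verb):
                for s in subjects:
                    found[perm].add(f"{s['kind']}:{s['name']}")

    for crb in cluster_role_bindings:
        role_obj = cr_by_name.get(crb["roleRef"]["name"])
        if role_obj:
            record(role_obj, crb.get("subjects", []))

    for rb in role_bindings:
        if rb["metadata"]["namespace"] != namespace:
            continue  # bindings in other namespaces do not apply here
        ref = rb["roleRef"]
        if ref["kind"] == "ClusterRole":
            role_obj = cr_by_name.get(ref["name"])
        else:
            role_obj = role_by_key.get((namespace, ref["name"]))
        if role_obj:
            record(role_obj, rb.get("subjects", []))

    return {p: sorted(s) for p, s in found.items()}


# ---- constructed sample objects (hypothetical names) ----------------------
CLUSTER_ROLES = [
    {"metadata": {"name": "cluster-admin"},
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
    {"metadata": {"name": "pod-exec"},
     "rules": [{"apiGroups": [""], "resources": ["pods/exec"], "verbs": ["create"]}]},
]
ROLES = [
    {"metadata": {"name": "secret-reader", "namespace": "customer-a"},
     "rules": [{"apiGroups": [""], "resources": ["secrets"], "verbs": ["get", "list"]}]},
]
CLUSTER_ROLE_BINDINGS = [
    {"roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "User", "name": "owner@example.invalid"}]},
    {"roleRef": {"kind": "ClusterRole", "name": "pod-exec"},
     "subjects": [{"kind": "Group", "name": "developers"}]},
]
ROLE_BINDINGS = [
    {"metadata": {"namespace": "customer-a"},
     "roleRef": {"kind": "Role", "name": "secret-reader"},
     "subjects": [{"kind": "ServiceAccount", "name": "app"}]},
    {"metadata": {"namespace": "customer-b"},  # other namespace: must be ignored
     "roleRef": {"kind": "ClusterRole", "name": "pod-exec"},
     "subjects": [{"kind": "User", "name": "dev-b"}]},
]


def sample_audit():
    """Audit the constructed objects for namespace customer-a."""
    return audit(CLUSTER_ROLES, ROLES, CLUSTER_ROLE_BINDINGS, ROLE_BINDINGS, "customer-a")


if __name__ == "__main__":
    for perm, subjects in sample_audit().items():
        print(f"{perm}: {', '.join(subjects) or '(nobody)'}")
```

The point the output makes is the one the question runs into: a subject bound to a wildcard ClusterRole such as cluster-admin shows up under both permissions in every namespace, so removing individual bindings in the customer namespace never touches it. To run this against real data, replace the constructed lists with the `items` arrays from `kubectl get clusterroles,roles,clusterrolebindings,rolebindings -A -o json`.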