A user or identity is bound to cluster-admin (or equivalent). Cluster-admin has full control of the cluster; such bindings should be limited and audited.
Warning
N/A
- Report shows that a user has cluster-admin
- User appears in a ClusterRoleBinding to cluster-admin (or role with equivalent privileges)
- Remove cluster-admin from users who do not need cluster-wide admin
- Create custom ClusterRoles with only the required permissions
- Use groups and RBAC to grant minimal access per team or namespace
- Enable audit logging and review cluster-admin usage regularly