898f2bf942
This change updates the impersonation proxy code to run as a distinct service account that only has permission to impersonate identities. Thus any future vulnerability that causes the impersonation headers to be dropped will fail closed instead of escalating to the concierge's default service account which has significantly more permissions. Signed-off-by: Monis Khan <mok@vmware.com> |
||
---|---|---|
.. | ||
authentication.concierge.pinniped.dev_jwtauthenticators.yaml | ||
authentication.concierge.pinniped.dev_webhookauthenticators.yaml | ||
config.concierge.pinniped.dev_credentialissuers.yaml | ||
deployment.yaml | ||
helpers.lib.yaml | ||
rbac.yaml | ||
README.md | ||
values.yaml | ||
z0_crd_overlay.yaml |