Intelligence Section 05.C

Kubernetes Findings

Container orchestration and RBAC mesh analysis for the AiVRIC AKS Fleet.

ID: aivric-aks-cluster
Pass Rate: 87.4%

Postures vs Failures

High Risk Gaps: 306

100% of failed findings are categorized as HIGH risk, primarily driven by systemic RBAC wildcard permissions across the cluster fabric.

RBAC Intensity Map

Systemic RBAC Over-Privilege

Tactical Risk Analysis

Check rbac_minimize_wildcard_use_roles failed across 306 distinct resource instances. ClusterRoles and Roles are using wildcard (*) permissions for resources and verbs, bypassing least-privilege protocols. This enables potential pod-to-cluster lateral movement and unrestricted secret access if a workload is compromised.

Topological Risk Registry

High-Impact ClusterRoles Isolation

ClusterRole Artifact | Category   | Wildcard Ingress | Mission Risk
cluster-admin        | System     | Full Registry    | CRITICAL
argocd-server        | GitOps     | Resources/Verbs  | HIGH
istiod-clusterrole   | Mesh       | Resources        | HIGH
prometheus-operator  | Monitoring | Resources        | HIGH
prowler-scanner-role | Security   | Verbs            | HIGH