# Copyright (c) 2025 Erick Bourgeois, firestoned
# SPDX-License-Identifier: MIT
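---
# Least-privilege RBAC for bindcar's Kubernetes TokenReview authentication (K-2).
#
# bindcar makes EXACTLY ONE Kubernetes API call — `create` on
# `authentication.k8s.io/v1 TokenReview` — and only when built/run with the
# `k8s-token-review` feature. It never reads Secrets, Pods, ConfigMaps, or any
# other resource. We therefore bind a purpose-built ClusterRole that grants ONLY
# `create tokenreviews` (A10), rather than the built-in `system:auth-delegator`,
# which additionally grants `create subjectaccessreviews` — an unused
# cluster-wide authorization-enumeration primitive a leaked token could abuse for
# reconnaissance.
#
# Shipping this manifest closes the gap where operators, lacking a reference,
# over-grant RBAC to a sidecar that runs an internet-adjacent mutate API — so a
# leaked sidecar token would otherwise do far more than token validation.
#
# Adjust `metadata.namespace` and the ServiceAccount name to match the BIND9
# pods created by the bindy operator (set the pod's `serviceAccountName` to this
# SA). If bindcar runs in `drone`/explicit mode with KUBE_TOKEN_PATH, bind that
# token's identity instead.
#
# The identity bindcar runs as. It carries no privilege by itself; every
# permission comes from the ClusterRoleBinding in the third document, so the
# subject there must match this name/namespace exactly.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: bindcar
  namespace: bindy-system
  labels:
    app.kubernetes.io/name: bindcar
    app.kubernetes.io/component: serviceaccount
# Recommended: do NOT auto-mount the SA token unless TokenReview is in use.
# When bindcar runs without the k8s-token-review feature (drone/bare-metal) it
# needs no cluster credentials at all, so withholding the token removes a
# pivot primitive if the sidecar is compromised (see pod-hardening.yaml, K-3).
#
# When the feature IS enabled the pod still needs a token. The pod-spec field
# `automountServiceAccountToken` overrides this SA-level default, so either set
# it to `true` on the pod, or (preferred) mount a projected `serviceAccountToken`
# volume with a short `expirationSeconds` so the credential is pod-bound and
# rotated rather than a long-lived Secret-backed token.
automountServiceAccountToken: false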
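---
# Purpose-built ClusterRole: the ENTIRE cluster privilege bindcar requires is
# `create` on TokenReview. Unlike system:auth-delegator, it does NOT grant
# subjectaccessreviews (A10), so a leaked sidecar token cannot enumerate cluster
# authorization.
#
# A ClusterRole (not a namespaced Role) is required here: TokenReview is a
# cluster-scoped, non-persisted resource, and a Role/RoleBinding pair cannot
# grant access to it. `create` also cannot be narrowed with `resourceNames`
# (a created object has no name yet), so this single rule is already the
# minimum. Any additional verb or resource added to this list widens what a
# compromised sidecar can do — review changes to `rules` as a privilege change.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: bindcar-tokenreview
  labels:
    app.kubernetes.io/name: bindcar
    app.kubernetes.io/component: rbac
rules:
  # The one call bindcar makes: create authentication.k8s.io/v1 TokenReview.
  # Lists are explicit so an empty value can never be mistaken for "all".
  - apiGroups: ["authentication.k8s.io"]
    resources: ["tokenreviews"]
    verbs: ["create"]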
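---
# Bind the bindcar ServiceAccount to the minimal TokenReview role above.
#
# The binding is cluster-scoped because the role it references grants a
# cluster-scoped resource; a RoleBinding would not work. Keep `subjects` to this
# single ServiceAccount: binding a Group (such as all service accounts in a
# namespace) would hand the TokenReview right to every workload in that group.
# `subjects[].namespace` must match the ServiceAccount's namespace in the first
# document, otherwise the binding silently refers to a non-existent identity.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: bindcar-tokenreview
  labels:
    app.kubernetes.io/name: bindcar
    app.kubernetes.io/component: rbac
roleRef:
  # roleRef is immutable after creation; changing it requires recreating the
  # binding, which is the intended friction for a privilege change.
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: bindcar-tokenreview
subjects:
  - kind: ServiceAccount
    name: bindcar
    namespace: bindy-system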