Security: Add ServiceAccount and RBAC configurations

## Priority: HIGH

## Description
ServiceAccount is referenced in 6/8 deployment manifests but not defined as a ConfigHub unit. This violates PCI-DSS 8.2 (Unique IDs) requirements.

## Impact
- Pods cannot start without the ServiceAccount
- No RBAC policies are defined, allowing excessive permissions
- Compliance violation for regulated environments

## Required Actions
1. Create ServiceAccount manifests for each namespace
2. Define Role and RoleBinding with least privilege
3. Add NetworkPolicy for pod-to-pod communication
4. Document RBAC model

## Acceptance Criteria
- [ ] ServiceAccount created for each environment
- [ ] RBAC policies follow least privilege principle
- [ ] NetworkPolicies restrict unnecessary traffic
- [ ] Documentation updated with security model

## References
- Original finding in SECURITY-REVIEW.md (now archived)
- PCI-DSS 8.2 compliance requirement

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Security: Add ServiceAccount and RBAC configurations #1

Priority: HIGH

Description

Impact

Required Actions

Acceptance Criteria

References

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Security: Add ServiceAccount and RBAC configurations #1

Description

Priority: HIGH

Description

Impact

Required Actions

Acceptance Criteria

References

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions