Skip to content

Document AnyUID in OpenShift GitLab Operator

Problem Description

We need to document the AnyUID Constraints inside of OpenShift. This should be an addendum to the GitLab Operator Readme. This needs to describe the following.

Action Items:

  • Describe how Service Accounts run pods, and how AnyUID Affects them.
  • Describe what can happen if an attacker can leverage a privilege exploit.
  • Describe how this affects the GitLab Runner. (Runner)
  • Describe how this affects the GitLab Application.
  • Describe how this affects DAST, SAST, AutoDevOps. (Runner)
  • Describe how we plan to mitigate this.
Edited by Jason Plum