From 33699f9d45d38a19c75546bb70d40d765479030b Mon Sep 17 00:00:00 2001
From: "s.kanibor"
Date: Sat, 15 Jan 2022 14:18:21 +0300
Subject: [PATCH] add vuln RBAC
---
 k8s_template/deployment.yaml | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
diff --git a/k8s_template/deployment.yaml b/k8s_template/deployment.yaml
index 6354a0c..90ac23c 100644
--- a/k8s_template/deployment.yaml
+++ b/k8s_template/deployment.yaml
@@ -1,3 +1,32 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: log4shell
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: allow_all
+rules:
+ - apiGroups:
+ - '*'
+ resources:
+ - '*'
+ verbs:
+ - '*'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: allow_all_bind
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: allow_all
+subjects:
+ - kind: ServiceAccount
+ name: log4shell
+---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -12,6 +41,7 @@ spec:
 labels:
 app: log4shell
 spec:
+ serviceAccountName: log4shell
 containers:
 - name: log4shell
 image: ghcr.io/christophetd/log4shell-vulnerable-app
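Review bot: The `subjects` entry of the new RoleBinding names `kind: ServiceAccount` with no `namespace`, which as far as I know the API server requires for ServiceAccount subjects, so the binding is likely to be rejected on apply; add `namespace: <lab-namespace>` (placeholder) under the subject, and ideally under each `metadata`, which also keeps the binding confined to the one lab namespace. The Role grants `'*'` on every apiGroup, resource and verb, and the second hunk attaches it to the pod with `serviceAccountName: log4shell`, so the token mounted into the remotely exploitable container carries full control of every object in its namespace, including Secrets and workload creation. That looks deliberate given the subject line, so I would state it in the manifest with a comment above the Role such as `# Deliberately over-privileged for the lab; do not apply to a shared or production cluster`. The Deployment spec continues outside both hunks.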