This message was deleted.

Have you considered that perhaps the “owner” for auditing purposes shouldn’t also be tied to the “owner” RBAC role? Like maybe you put an annotation on the cluster to denote the single named individual that “owns” it for purposes of the STIG, but grant other users access to it via RBAC?

I have not as I don’t own the cluster, my team simply is a user of it to deploy/host our application, but i can mention this to the engineers that own it.

yeah I think they’ve addressed the STIG requirement the wrong way. Having an individual who “owns” the cluster for resource tracking purposes doesn’t mean that only one user can have the “cluster owner” role.

Thanks for the tip. I’m gonna pass this along to them. I was able to convince them to give me Cluster Owner, but i believe they are still looking for a way around that, so this info could be really helpful for them. Thank you!