From 24fce76bc533884f59fef1ce7c4c0e1d93a38d59 Mon Sep 17 00:00:00 2001
From: Dustin Hilgaertner <dustin@radiusmethod.com>
Date: Wed, 31 Jan 2024 11:05:35 -0600
Subject: [PATCH] Tightened it up to only effect loki service accounts as the
 logging namespace can contain other packages (possibly community packages)

---
 chart/templates/kyverno-policies/values.yaml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/chart/templates/kyverno-policies/values.yaml b/chart/templates/kyverno-policies/values.yaml
index 7e3a6bc3b2..f83b91adcc 100644
--- a/chart/templates/kyverno-policies/values.yaml
+++ b/chart/templates/kyverno-policies/values.yaml
@@ -720,6 +720,8 @@ policies:
           # Enforcing said policies requires access to the API to get/list resources
           - twistlock-defender-ds-*
       - namespace: logging
+        serviceAccounts:
+          - logging-loki-*
         pods:
           allow:
           - logging-loki-minio-ss-*
-- 
GitLab