Merge branch...

Merge branch 'fix-automount-serviceaccount-token-for-stateful-and-deps-monitoring-loki' into 'master' closing loophole in monitoring/loki - statefulsets and deployments - automountserviceaccounttoken See merge request !3867

Merge branch...
34a4f2b1 · Michael Martin · 9e44ee74 · ca44a50f · 34a4f2b1
Commit 34a4f2b1 authored 1 year ago by Michael Martin
--- a/chart/templates/kyverno-policies/values.yaml
+++ b/chart/templates/kyverno-policies/values.yaml
@@ -751,8 +751,6 @@ policies:
          # Enforcing said policies requires access to the API to get/list resources
          - twistlock-defender-ds-*
      - namespace: logging
-        serviceAccounts:
-          - logging-loki-*
        pods:
          allow:
          - logging-loki-minio-ss-*
@@ -846,13 +844,12 @@ policies:
      - namespace: monitoring
        pods:
          allow:
-          - monitoring-grafana-*
-          - monitoring-grafana-*
+          - monitoring-grafana*
          - monitoring-monitoring-kube-admission-create-*
          - monitoring-monitoring-kube-admission-patch-*
-          - monitoring-monitoring-kube-state-metrics-*
-          - monitoring-monitoring-kube-operator-*
-          - prometheus-monitoring-monitoring-kube-prometheus-*
+          - monitoring-monitoring-kube-state-metrics*
+          - monitoring-monitoring-kube-operator*
+          - prometheus-monitoring-monitoring-kube-prometheus*
      - namespace: anchore
        pods:
          allow: