From 8bfcf573ba6a01406aef4c1b135c1083481be700 Mon Sep 17 00:00:00 2001
From: Justen Mehl <justen.t.mehl.civ@us.navy.mil>
Date: Fri, 26 Jan 2024 13:14:44 +0000
Subject: [PATCH] Refactor Twistlock ServiceAccount hardening to use wildcard

---
 chart/templates/kyverno-policies/values.yaml | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/chart/templates/kyverno-policies/values.yaml b/chart/templates/kyverno-policies/values.yaml
index 33cf4b4f19..30b2ee6e6d 100644
--- a/chart/templates/kyverno-policies/values.yaml
+++ b/chart/templates/kyverno-policies/values.yaml
@@ -713,11 +713,6 @@ policies:
         - istiod-*
         - istio-operator-*
       - namespace: twistlock
-        serviceAccounts:
-        - twistlock-console
-        - twistlock-init
-        - volume-upgrade-svc-acct
-        - twistlock-service
         pods:
         # twistlock-init pods require get/list/patch/etc to several resources. 
         # More details in twistlock/chart/templates/init/clusterrole.yaml
-- 
GitLab