UNCLASSIFIED - NO CUI

Skip to content
Snippets Groups Projects
Commit b71a5f54 authored by Dustin Hilgaertner's avatar Dustin Hilgaertner Committed by Michael Martin
Browse files

Resolve "Mitigate automountServiceAccountToken findings in Grafana"

parent 9012e31e
No related branches found
No related tags found
1 merge request!3508Resolve "Mitigate automountServiceAccountToken findings in Grafana"
Hide whitespace changes
Inline Side-by-side
chart/templates/kyverno-policies/values.yaml
+ 6
18
View file @ b71a5f54
......@@ -169,23 +169,6 @@ policies:
names:
- prometheus-monitoring-monitoring-kube-prometheus*
{{- end }}
{{- if .Values.grafana.enabled }}
- resources:
namespaces:
- monitoring
kinds:
- ServiceAccount
names:
- monitoring-grafana
- resources:
namespaces:
- monitoring
kinds:
- Pod
- Deployment
names:
- monitoring-grafana*
{{- end }}
{{- if or .Values.fluentbit.enabled .Values.monitoring.enabled .Values.twistlock.enabled }}
disallow-tolerations:
......@@ -840,7 +823,12 @@ policies:
- authservice
pods:
- authservice-authservice-redis-bb-*
- namespace: monitoring
serviceAccounts:
- monitoring-grafana
pods:
- monitoring-grafana-*
istio:
enabled: {{ .Values.istio.enabled }}
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

UNCLASSIFIED - NO CUI