From f8f6f4eecf8422ada86f4a2797c45d42404e2531 Mon Sep 17 00:00:00 2001
From: Dustin Hilgaertner <dustin@radiusmethod.com>
Date: Wed, 13 Dec 2023 15:03:43 +0000
Subject: [PATCH] Removed automount service account tokens from authservice and
 its default service account

---
 chart/templates/kyverno-policies/values.yaml | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/chart/templates/kyverno-policies/values.yaml b/chart/templates/kyverno-policies/values.yaml
index 64ebaf2d3e..53fed6d6ae 100644
--- a/chart/templates/kyverno-policies/values.yaml
+++ b/chart/templates/kyverno-policies/values.yaml
@@ -705,7 +705,8 @@ policies:
       - neuvector
       - kiali
       - harbor
-      
+      - authservice
+
   update-automountserviceaccounttokens:
     enabled: true
     namespaces:
@@ -834,7 +835,11 @@ policies:
       - namespace: harbor
         serviceAccounts: 
         - harbor-redis-bb
-
+      - namespace: authservice
+        serviceAccounts:
+        - authservice
+        pods:
+        - authservice-authservice-redis-bb-*
 
 istio:
   enabled: {{ .Values.istio.enabled }}
-- 
GitLab