Resolve "Mitigate automountServiceAccountToken findings in promtail"
General MR
Mitigate automountServiceAccountToken findings in promtail
Summary
Automounting of the service account token presents a risk to the cluster. This MR seeks to remedy this by disabling automounting on the service account while ignoring the finding on the pod to allow full functionality.
Activity
added kindenhancement priority7 statusdoing labels
assigned to @samvongsay
added 57 commits
- 4ee50b4e...ca934c2c - 56 commits from branch master
- d3c51be1 - Merge branch 'master' into '1831-mitigate-automountSAT-promtail'
added statusreview label and removed statusdoing label
requested review from @michaelmartin, @chris.oconnell, @ryan.j.garcia, and @ryan.thompson.44
@rgsjustins @andrewshoell: You have been tagged in this merge request for the purpose of conducting secondary review.
Going to put this on hold for a bit and resume the review after this MR gets merged so multiple changes won't have to happen.
added statusdoing label and removed statusreview label
added 46 commits
- d3c51be1...5ff70e33 - 36 earlier commits
- e9775234 - SKIP UPGRADE kyvernoPolicies update to 3.0.4-bb.15
- ebb9a8b1 - gitlab update to 7.6.0-bb.0
- 149613f1 - Velero: disabled automountserviceaccounttoken in the velero namespace
- 70c72694 - anchore update to 1.27.4-bb.5
- 9d7b416d - mattermost update to v9.2.3-bb.0
- c6d67ffe - feat: re-enable `require-image-signature` policy
- bb06aabb - monitoring update to 55.0.0-bb.1
- db264399 - Neuvector: disabled automountserviceaccounttoken in the neuvector namespace
- 5b697097 - loki update to 5.31.0-bb.7
- b7e42328 - Add promtail default SA to exception
added 92 commits
- 688589cb...1e8e0cb8 - 88 commits from branch master
- d691f688 - Harden automountServiceAccountToken findings in Twistlock
- bbfd0440 - loki update to 5.31.0-bb.7
- 2d5a9a75 - loki update to 5.31.0-bb.7
- cf1b499c - loki update to 5.31.0-bb.7
added 12 commits
- a0e9cd66...cdf4f318 - 10 commits from branch master
- 5cc447b2 - Harden automountServiceAccountToken findings in Twistlock
- 2fdf18ed - Add promtail to SA Token exception
added 6 commits
- 65c3a039...da73a539 - 4 commits from branch master
- 80198e9b - Add promtail to SA Token exception
- 77c2b500 - Allow promtail pod SA Token
added 6 commits
- 77c2b500...9012e31e - 4 commits from branch master
- eae33645 - Add promtail to SA Token exception
- 9a7df0ef - Allow promtail pod SA Token
added 6 commits
- 9a7df0ef...94103278 - 4 commits from branch master
- 7655b8bf - Add promtail to SA Token exception
- 4c0033aa - Allow promtail pod SA Token
- Resolved by Christopher O'Connell
This MR is ready to be merged. Fixed all merge conflicts and switched to the new method to handle the default SA in the respective namespaces.
added 45 commits
- 4c0033aa...ddf23e20 - 42 commits from branch master
- afc83c56 - Add promtail to SA Token exception
- ea9040b7 - Allow promtail pod SA Token
- d3a69046 - Disable SA mount
added 11 commits
- d3a69046...eabbc458 - 8 commits from branch master
- cad7b5ad - Add promtail to SA Token exception
- d3f773a4 - Allow promtail pod SA Token
- b19d6e96 - Disable SA mount
removed statusdoing label
added statusreview label
changed milestone to %2.18.0
enabled an automatic merge when the pipeline for ec054ca8 succeeds
mentioned in commit bc3beec4