UNCLASSIFIED - NO CUI


Mitigate automountServiceAccountToken findings in Confluence

Merged Justen Mehl requested to merge harden-automounting-confluence into master

General MR

Summary

Closes #1857

This MR leverages the mutating Kyverno policy named update-automountserviceaccounttokens to harden all ServiceAccounts in the confluence namespace/package, and to place Pod exceptions where applicable (depending on whether the application truly needs access to the K8s API).

Justifications for Pod exceptions are placed in comments alongside the code.

Manual testing according to the package's DEVELOPMENT_MAINTENANCE.md has shown no loss of functionality.

Edited by Justen Mehl
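
Added example, not part of this MR or the package's code: a small audit that computes whether each Pod would still get an API token once ServiceAccounts are hardened and Pod-level exceptions are in place, using the Kubernetes rule that the Pod field overrides the ServiceAccount field. It assumes objects shaped like `kubectl get -o json` output; the Pod names, ServiceAccount names and the prefix-based exception list are hypothetical.

```python
def effective_automount(pod, service_accounts):
    """True if an API token would be mounted into this Pod.

    Kubernetes precedence: the Pod spec field wins when set, then the
    ServiceAccount field, and the default when both are unset is True.
    """
    spec = pod.get("spec", {})
    if spec.get("automountServiceAccountToken") is not None:
        return spec["automountServiceAccountToken"]
    sa = service_accounts.get(spec.get("serviceAccountName", "default"), {})
    sa_value = sa.get("automountServiceAccountToken")
    return True if sa_value is None else sa_value


def audit(pods, service_accounts, allowed_prefixes):
    """Split Pod names into (exceptions, findings, hardened)."""
    exceptions, findings, hardened = [], [], []
    for pod in pods:
        name = pod["metadata"]["name"]
        if not effective_automount(pod, service_accounts):
            hardened.append(name)
        elif name.startswith(tuple(allowed_prefixes)):
            exceptions.append(name)  # mounts a token, and is expected to
        else:
            findings.append(name)    # mounts a token without justification
    return exceptions, findings, hardened


# Constructed sample objects, not taken from the Confluence package.
SERVICE_ACCOUNTS = {
    "default": {"automountServiceAccountToken": False},
    "example-sa": {"automountServiceAccountToken": False},
    "legacy-sa": {},  # field unset, so the default (mount) applies
}
PODS = [
    {"metadata": {"name": "example-app-0"},
     "spec": {"serviceAccountName": "example-sa"}},
    {"metadata": {"name": "example-needs-api-7d9f"},
     "spec": {"serviceAccountName": "example-sa",
              "automountServiceAccountToken": True}},
    {"metadata": {"name": "example-job-x1"},
     "spec": {"serviceAccountName": "legacy-sa"}},
    {"metadata": {"name": "example-sidecar"}, "spec": {}},
]
ALLOWED = ["example-needs-api-"]  # hypothetical exception list

if __name__ == "__main__":
    print(audit(PODS, SERVICE_ACCOUNTS, ALLOWED))
```

Any name in the findings list is a Pod that still mounts a token without a documented exception, which is the condition the hardening is meant to eliminate.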

