UNCLASSIFIED - NO CUI

Skip to content
Snippets Groups Projects

Mitigating the automount service account token findings for Thanos

Merged Mitigating the automount service account token findings for Thanos
1859-thanos-mitigate-automount-sa-token-findings into master
Merged Dustin Hilgaertner requested to merge 1859-thanos-mitigate-automount-sa-token-findings into master
Compare
and
1 file
+ 14
3
Compare changes
  • Side-by-side
  • Inline
chart/templates/kyverno-policies/values.yaml
+ 14
3
@@ -709,7 +709,8 @@ policies:
- fluentbit
- eck-operator
- nexus-repository-manager
- thanos
update-automountserviceaccounttokens:
enabled: true
namespaces:
@@ -879,8 +880,18 @@ policies:
- nexus-repository-manager
pods:
- nexus-repository-manager-*
- namespace: thanos
serviceAccounts:
- thanos-minio-sa
- thanos-storegateway
- thanos-query
- thanos-query-frontend
pods:
- thanos-minio-*
podsToHarden:
- thanos-query-frontend-*
- thanos-storegateway-*
- thanos-query-*
istio:
enabled: {{ .Values.istio.enabled }}

UNCLASSIFIED - NO CUI