UNCLASSIFIED - NO CUI

Resolve "Mitigate automountServiceAccountToken findings in fluentbit"

Sam Vongsay requested to merge 71-mitigate-automount-SAT into main

General MR

Summary

Kyverno found Fluentbit to have a violation where the automount of the service account token is not explicitly set to false.
https://repo1.dso.mil/big-bang/product/packages/fluentbit/-/issues/71

Relevant logs/screenshots

```
Category: Pod Security Standards (Baseline)
Message: validation rule 'automount-service-accounts' passed.
Policy: disallow-auto-mount-service-account-token
Resources:
  API Version:  v1
  Kind:         ServiceAccount
  Name:         fluentbit-fluent-bit
  Namespace:    fluentbit
  UID:          d279d96d-9fa3-4ccc-aa25-5f9fe4109430
Result: pass
Rule: automount-service-accounts
Scored: true
Severity: high
Source: kyverno
```
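A stand-alone version of the condition described in the summary (the ServiceAccount field must be explicitly `false`), as an added example that is not part of this merge request or the fluentbit package. It goes one step beyond the ServiceAccount rule and also reports pods that still mount a token, because a pod-level `automountServiceAccountToken` overrides the ServiceAccount's value. The pod names and the `default` ServiceAccount in the sample are constructed.

```python
import json

# Constructed sample, shaped like `kubectl get serviceaccounts,pods -n fluentbit -o json`.
# Only the fluentbit-fluent-bit name and namespace come from the report above.
SAMPLE = json.loads("""
{"kind": "List", "items": [
  {"kind": "ServiceAccount",
   "metadata": {"name": "fluentbit-fluent-bit", "namespace": "fluentbit"},
   "automountServiceAccountToken": false},
  {"kind": "ServiceAccount",
   "metadata": {"name": "default", "namespace": "fluentbit"}},
  {"kind": "Pod", "metadata": {"name": "example-pod-a", "namespace": "fluentbit"},
   "spec": {"serviceAccountName": "fluentbit-fluent-bit"}},
  {"kind": "Pod", "metadata": {"name": "example-pod-b", "namespace": "fluentbit"},
   "spec": {"serviceAccountName": "fluentbit-fluent-bit",
            "automountServiceAccountToken": true}}
]}
""")


def audit(items):
    """Return (ServiceAccounts not explicitly false, pods that still mount a token)."""
    sa_setting = {}
    failing_sas = []
    for obj in items:
        if obj["kind"] == "ServiceAccount":
            key = (obj["metadata"]["namespace"], obj["metadata"]["name"])
            sa_setting[key] = obj.get("automountServiceAccountToken")
            # An absent field (None) is a finding too: it must be explicitly false.
            if sa_setting[key] is not False:
                failing_sas.append(key)
    mounting_pods = []
    for obj in items:
        if obj["kind"] != "Pod":
            continue
        ns = obj["metadata"]["namespace"]
        spec = obj.get("spec", {})
        sa = spec.get("serviceAccountName", "default")
        # The pod-level setting wins; otherwise the ServiceAccount's value applies.
        effective = spec.get("automountServiceAccountToken")
        if effective is None:
            effective = sa_setting.get((ns, sa))
        # Still None means nothing was set anywhere; Kubernetes then mounts the token.
        if effective is not False:
            mounting_pods.append((ns, obj["metadata"]["name"]))
    return failing_sas, mounting_pods


print(audit(SAMPLE["items"]))
```

A ServiceAccount that passes the policy can still have pods listed in the second result when their spec sets the field to `true`.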
