UNCLASSIFIED - NO CUI

Skip to content

Draft: 48-disable-kyverno-automountsa: Adding get, list, watch, update, patch on pod...

Chris Harden requested to merge 48-disable-kyverno-automountsa into main

General MR

Summary

This change adds the rights to get, list, watch, update, and patch the kyverno-background-controller deployments

This change is needed for clusterpolicies to mutate the automountserviceaccounttoken on pods that exist before the policy is applied. Specifically the pods in the kyverno ns.

Epic: Disable automatic mounting of service account tokens

Relevant logs/screenshots

(Include any relevant logs/screenshots)

Closes #48

Edited by Chris Harden

Merge request reports

Loading