make sure serviceaccounts/token is only in the metadata stage (#7679)
This commit is contained in:
parent
1069b05e68
commit
d66da21726
1 changed files with 2 additions and 2 deletions
|
@ -67,12 +67,12 @@ rules:
|
||||||
resources:
|
resources:
|
||||||
- group: "" # core
|
- group: "" # core
|
||||||
resources: ["events"]
|
resources: ["events"]
|
||||||
# Secrets, ConfigMaps, and TokenReviews can contain sensitive & binary data,
|
# Secrets, ConfigMaps, TokenRequest and TokenReviews can contain sensitive & binary data,
|
||||||
# so only log at the Metadata level.
|
# so only log at the Metadata level.
|
||||||
- level: Metadata
|
- level: Metadata
|
||||||
resources:
|
resources:
|
||||||
- group: "" # core
|
- group: "" # core
|
||||||
resources: ["secrets", "configmaps"]
|
resources: ["secrets", "configmaps", "serviceaccounts/token"]
|
||||||
- group: authentication.k8s.io
|
- group: authentication.k8s.io
|
||||||
resources: ["tokenreviews"]
|
resources: ["tokenreviews"]
|
||||||
omitStages:
|
omitStages:
|
||||||
|
|
Loading…
Reference in a new issue