make sure serviceaccounts/token is only in the metadata stage (#7679)

Kasakaze 2021-06-07 23:38:40 +08:00 committed by GitHub
parent 1069b05e68
commit d66da21726
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -67,12 +67,12 @@ rules:
resources: resources:
- group: "" # core - group: "" # core
resources: ["events"] resources: ["events"]
# Secrets, ConfigMaps, and TokenReviews can contain sensitive & binary data, # Secrets, ConfigMaps, TokenRequest and TokenReviews can contain sensitive & binary data,
# so only log at the Metadata level. # so only log at the Metadata level.
- level: Metadata - level: Metadata
resources: resources:
- group: "" # core - group: "" # core
resources: ["secrets", "configmaps"] resources: ["secrets", "configmaps", "serviceaccounts/token"]
- group: authentication.k8s.io - group: authentication.k8s.io
resources: ["tokenreviews"] resources: ["tokenreviews"]
omitStages: omitStages:
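Review bot: The `serviceaccounts/token` entry added to the Metadata rule only applies to requests that no earlier rule already matches, because audit policy rules are evaluated first-match. The rules above line 67 are not visible in this hunk, so confirm that none of them matches the core-group `serviceaccounts/token` subresource at Request or RequestResponse level; a TokenRequest response carries the issued bearer token. The updated comment says "TokenRequest" while the rule lists the subresource, so naming both would make it easier to grep: `# Secrets, ConfigMaps, TokenRequests (serviceaccounts/token) and TokenReviews can contain sensitive & binary data,`. The rule's `omitStages` list continues outside the hunk.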