make sure serviceaccounts/token is only in the metadata stage (#7679)

This commit is contained in:
Kasakaze 2021-06-07 23:38:40 +08:00 committed by GitHub
parent 1069b05e68
commit d66da21726
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -67,12 +67,12 @@ rules:
resources:
- group: "" # core
resources: ["events"]
# Secrets, ConfigMaps, and TokenReviews can contain sensitive & binary data,
# Secrets, ConfigMaps, TokenRequest and TokenReviews can contain sensitive & binary data,
# so only log at the Metadata level.
- level: Metadata
resources:
- group: "" # core
resources: ["secrets", "configmaps"]
resources: ["secrets", "configmaps", "serviceaccounts/token"]
- group: authentication.k8s.io
resources: ["tokenreviews"]
omitStages: