This repository has been archived by the owner on Aug 28, 2024. It is now read-only.

Discussion around removal the Kyverno Policy for automountServiceAccountToken #662

Open
cmwylie19 opened this issue Jan 11, 2024 · 1 comment

Comments

@cmwylie19

Hi all 👋,

Discussion - There was recently an issue opened on Pepr around adding sane security defaults to the Kubernetes manifests that Pepr generates. In part, this is because it is a best practice and the secure thing to do, and in part to pass the Kyverno policies used in dubbd. After deliberation we decided to exclude the bit around automountServiceAccountToken, but this creates a flag in the Kyverno policy disallow-auto-mount-service-account-token.

The purpose of this issue is to open up a dialog to see if it makes sense to keep this policy in DUBBD as it creates overhead for engineers to have to go in and customize policies.

@RothAndrew
Member

RothAndrew commented Jan 11, 2024

> it creates overhead for engineers to have to go in and customize policies.

More importantly, it creates divergence from baseline DUBBD, which as an objective I think is something we want to avoid when possible.
