Don't audit log tokens in TokenReviews

parent 8b0cd5b9
......@@ -568,12 +568,14 @@ rules:
- group: "" # core
resources: ["events"]
# Secrets & ConfigMaps can contain sensitive & binary data,
# Secrets, ConfigMaps, and TokenReviews can contain sensitive & binary data,
# so only log at the Metadata level.
- level: Metadata
resources:
- group: "" # core
resources: ["secrets", "configmaps"]
- group: authentication.k8s.io
resources: ["tokenreviews"]
# Get repsonses can be large; skip them.
- level: Request
verbs: ["get", "list", "watch"]
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment