With KEP-2799: Reduction of Secret-based Service Account Tokens, starting from 1.24, k8s won't automatically store serviceAccount tokens as secrets. In the future with `LegacyServiceAccountTokenCleanUp`, SA token secrets that were previously generated will be automatically deleted.
rbac-police should identify when SA tokens aren't stored as secrets and drop violations from `retrieve_secrets.rego`.
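An added example, not part of the original issue or of rbac-police's code: one way to make the check requested above, in Go. The `Secret` struct, the function names and the sample inventory are constructed for illustration; the secret type and annotation are the standard Kubernetes ones.

```go
package main

import (
	"fmt"
	"sort"
)

// Secret is a constructed, minimal view of a Kubernetes Secret (not rbac-police's own type).
type Secret struct {
	Namespace, Name, Type string
	Annotations           map[string]string
}

const (
	saTokenType  = "kubernetes.io/service-account-token"
	saAnnotation = "kubernetes.io/service-account.name"
)

// TokensInScope lists the "namespace/serviceaccount" identities whose token is
// stored in a Secret readable within scope; scope "" means cluster-wide.
func TokensInScope(secrets []Secret, scope string) []string {
	seen := map[string]bool{}
	for _, s := range secrets {
		sa := s.Annotations[saAnnotation]
		if s.Type != saTokenType || sa == "" || (scope != "" && scope != s.Namespace) {
			continue // not a service account token secret, or outside the readable scope
		}
		seen[s.Namespace+"/"+sa] = true
	}
	out := make([]string, 0, len(seen))
	for k := range seen {
		out = append(out, k)
	}
	sort.Strings(out)
	return out
}

// KeepRetrieveSecretsViolation (hypothetical) keeps the finding only if a token secret is in scope.
func KeepRetrieveSecretsViolation(secrets []Secret, scope string) bool {
	return len(TokensInScope(secrets, scope)) > 0
}

func main() {
	secrets := []Secret{ // constructed sample inventory
		{"kube-system", "legacy-token-abc", saTokenType, map[string]string{saAnnotation: "node-controller"}},
		{"default", "db-password", "Opaque", nil},
	}
	fmt.Println(KeepRetrieveSecretsViolation(secrets, ""), KeepRetrieveSecretsViolation(secrets, "default"))
}
```

Manually created token secrets still count here, since only the automatic generation stops in 1.24.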