defenseunicorns / uds-core

A FOSS secure runtime platform for mission-critical capabilities
https://uds.defenseunicorns.com
GNU Affero General Public License v3.0

Make least-privilege exemptions for ztunnel and install-cni pods #1027

Open mjnagel opened 2 days ago

mjnagel commented 2 days ago

https://github.com/defenseunicorns/uds-core/pull/699 currently has catch-all exemptions for the ztunnel and istio-cni pods. These exemptions should be slimmed down to just what is necessary for running these applications. All exemptions should have adequate descriptions to provide the "why".