rancher-partner-charts/charts/kasten/k10/6.5.501/templates/aggregatedaudit-policy.yaml

{{- if include "k10.siemEnabled" . -}}
apiVersion: v1
kind: ConfigMap
metadata:
  labels:
{{ include "helm.labels" . | indent 4 }}
  name: aggauditpolicy-config
  namespace: {{ .Release.Namespace }}
data:
  {{ include "k10.aggAuditPolicyFile" .}}: |
    apiVersion: audit.k8s.io/v1
    kind: Policy
    omitStages:
    - "RequestReceived"
    rules:
    - level: RequestResponse
      resources:
      - group: "actions.kio.kasten.io"
        resources: ["cancelactions", "restoreactions", "retireactions", "runactions"]
      - group: "apps.kio.kasten.io"
        resources: ["applications", "clusterrestorepoints", "restorepoints", "restorepointcontents"]
      - group: "repositories.kio.kasten.io"
        resources: ["storagerepositories"]
      - group: "vault.kio.kasten.io"
        resources: ["passkeys"]
      verbs: ["create", "update", "patch", "delete", "get"]
    - level: None
      nonResourceURLs:
        - /healthz*
        - /version
        - /openapi/v2*
        - /openapi/v3*
        - /timeout*
{{- end -}}
Charts CI ``` Updated: bitnami/kafka: - 26.4.3 bitnami/postgresql: - 13.2.21 bitnami/wordpress: - 18.1.19 kasten/k10: - 6.5.0 redpanda/redpanda: - 5.6.51 speedscale/speedscale-operator: - 1.4.7 ``` 2023-11-29 13:19:20 +00:00			`{{- if include "k10.siemEnabled" . -}}`
			`apiVersion: v1`
			`kind: ConfigMap`
			`metadata:`
			`labels:`
			`{{ include "helm.labels" . \| indent 4 }}`
			`name: aggauditpolicy-config`
			`namespace: {{ .Release.Namespace }}`
			`data:`
			`{{ include "k10.aggAuditPolicyFile" .}}: \|`
			`apiVersion: audit.k8s.io/v1`
			`kind: Policy`
			`omitStages:`
			`- "RequestReceived"`
			`rules:`
			`- level: RequestResponse`
			`resources:`
			`- group: "actions.kio.kasten.io"`
			`resources: ["cancelactions", "restoreactions", "retireactions", "runactions"]`
			`- group: "apps.kio.kasten.io"`
			`resources: ["applications", "clusterrestorepoints", "restorepoints", "restorepointcontents"]`
			`- group: "repositories.kio.kasten.io"`
			`resources: ["storagerepositories"]`
			`- group: "vault.kio.kasten.io"`
			`resources: ["passkeys"]`
			`verbs: ["create", "update", "patch", "delete", "get"]`
			`- level: None`
			`nonResourceURLs:`
			`- /healthz*`
			`- /version`
			`- /openapi/v2*`
			`- /openapi/v3*`
			`- /timeout*`
			`{{- end -}}`