add known k8s service accounts

Signed-off-by: Sverre Boschman <1142569+sboschman@users.noreply.github.com>
falcosecurity · Oct 29, 2021 · 762500a · 762500a
1 parent 8563af8
commit 762500a
Showing 1 changed file with 11 additions and 0 deletions.
diff --git a/rules/k8s_audit_rules.yaml b/rules/k8s_audit_rules.yaml
@@ -303,17 +303,28 @@
 
 - list: known_sa_list
   items: [
+    coredns,
+    coredns-autoscaler,
     cronjob-controller,
     daemon-set-controller,
     deployment-controller,
     disruption-controller,
     endpoint-controller,
     endpointslice-controller,
+    endpointslicemirroring-controller,
     generic-garbage-collector,
+    horizontal-pod-autoscaler,
+    job-controller,
     namespace-controller,
+    node-controller,
+    persistent-volume-binder,
     pod-garbage-collector,
+    pv-protection-controller,
+    pvc-protection-controller,
     replicaset-controller,
     resourcequota-controller,
+    root-ca-cert-publisher,
+    service-account-controller,
     statefulset-controller
     ]