apps sc: add falco exception for tekton cleanup

elastisys · Nov 4, 2024 · 73258ea · 73258ea
1 parent 8153ef6
commit 73258ea
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/helmfile.d/values/falco/falco-common.yaml.gotmpl b/helmfile.d/values/falco/falco-common.yaml.gotmpl
@@ -171,6 +171,10 @@ customRules:
           container.image.repository = "docker.io/bitnami/kubectl" and
           k8s.ns.name = "gatekeeper-system" and
           k8s.pod.name startswith "gatekeeper-templates-wait"
+        ) or (
+          container.image.repository = "gcr.io/tekton-releases/dogfooding/tkn" and
+          k8s.ns.name = "tekton-pipelines" and
+          k8s.pod.name startswith "cleanup-runs"
         )
 
     # Run shell untrusted