From 3fd4464deea53b16a06afb7ba35ee281889f952a Mon Sep 17 00:00:00 2001
From: Mark Stemm <mark.stemm@gmail.com>
Date: Thu, 27 Aug 2020 18:00:53 -0700
Subject: [PATCH] rule(Disallowed K8s User): add known users

Seen when using K8s cluster autoscaling or addon manager.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
---
 rules/k8s_audit_rules.yaml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/rules/k8s_audit_rules.yaml b/rules/k8s_audit_rules.yaml
index 5084a45c..24eb9f78 100644
--- a/rules/k8s_audit_rules.yaml
+++ b/rules/k8s_audit_rules.yaml
@@ -48,6 +48,8 @@
     "minikube", "minikube-user", "kubelet", "kops", "admin", "kube", "kube-proxy", "kube-apiserver-healthcheck",
     "kubernetes-admin",
     vertical_pod_autoscaler_users,
+    cluster-autoscaler,
+    system:addon-manager
     ]
 
 - rule: Disallowed K8s User