From 762500a361176102c6ff0855956757c3d2780ee1 Mon Sep 17 00:00:00 2001
From: Sverre Boschman <1142569+sboschman@users.noreply.github.com>
Date: Tue, 19 Oct 2021 14:35:49 +0200
Subject: [PATCH] add known k8s service accounts
Signed-off-by: Sverre Boschman <1142569+sboschman@users.noreply.github.com>
---
 rules/k8s_audit_rules.yaml | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/rules/k8s_audit_rules.yaml b/rules/k8s_audit_rules.yaml
index a019e2ef..71af78b3 100644
--- a/rules/k8s_audit_rules.yaml
+++ b/rules/k8s_audit_rules.yaml
@@ -303,17 +303,28 @@
 - list: known_sa_list
 items: [
+ coredns,
+ coredns-autoscaler,
 cronjob-controller,
 daemon-set-controller,
 deployment-controller,
 disruption-controller,
 endpoint-controller,
 endpointslice-controller,
+ endpointslicemirroring-controller,
 generic-garbage-collector,
+ horizontal-pod-autoscaler,
+ job-controller,
 namespace-controller,
+ node-controller,
+ persistent-volume-binder,
 pod-garbage-collector,
+ pv-protection-controller,
+ pvc-protection-controller,
 replicaset-controller,
 resourcequota-controller,
+ root-ca-cert-publisher,
+ service-account-controller,
 statefulset-controller
 ]
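Review bot: The new `coredns` and `coredns-autoscaler` entries at the top of `known_sa_list` are cluster add-on accounts mixed in with the built-in controller accounts, and nothing in the list says which names are expected on every cluster. The rule or macro that consumes the list lies outside this hunk; if it compares only the account name, each entry is a standing exemption, and a name the local distribution never deploys would silence the alert for an account nobody expects there. I would keep the controller names here and move the add-on names into their own overridable list, e.g. `- list: known_addon_sa_list` with `items: [coredns, coredns-autoscaler]`, referenced from the same condition. At minimum, add a comment above the list such as `# exempted by name: built-in controller service accounts plus add-ons; trim to what your distribution deploys`.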