From e2bf87d207a32401da271835e15dadf957f68e8c Mon Sep 17 00:00:00 2001
From: kaizhe
Date: Thu, 30 Jul 2020 16:19:05 -0700
Subject: [PATCH] macro(trusted_pod): add new list k8s_image_list

Signed-off-by: kaizhe
---
 rules/k8s_audit_rules.yaml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/rules/k8s_audit_rules.yaml b/rules/k8s_audit_rules.yaml
index 511f49ee..872bb7a9 100644
--- a/rules/k8s_audit_rules.yaml
+++ b/rules/k8s_audit_rules.yaml
@@ -232,8 +232,12 @@
 - list: user_trusted_image_list
   items: []
 
+- list: k8s_image_list
+  items: [k8s.gcr.io/kube-apiserver, kope/kube-apiserver-healthcheck]
+
 - macro: trusted_pod
-  condition: (ka.req.pod.containers.image.repository in (user_trusted_image_list))
+  condition: (ka.req.pod.containers.image.repository in (user_trusted_image_list) or
+    ka.req.pod.containers.image.repository in (k8s_image_list))
 
 # Detect any new pod created in the kube-system namespace
 - rule: Pod Created in Kube Namespace
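Review bot: The added `k8s_image_list` trusts by repository name only, so any tag of `k8s.gcr.io/kube-apiserver` or `kope/kube-apiserver-healthcheck` makes a pod match `trusted_pod` and drop out of every rule that uses that macro; a comment above the list should state this and that it is the built-in default set while site-specific exceptions belong in `user_trusted_image_list`, e.g. `# Repositories trusted by default in rules that use trusted_pod; matched on repository only (any tag). Put local exceptions in user_trusted_image_list.`. Splitting the check into two `in` clauses joined by `or` is not obviously equivalent to one `in` over the union: if Falco's `in` on the multi-valued `ka.req.pod.containers.image.repository` requires every container's image to be in the set, a pod mixing one image from each list matches neither clause, whereas `condition: (ka.req.pod.containers.image.repository in (user_trusted_image_list, k8s_image_list))` would. Worth confirming which semantics are intended, since the single-set form is also shorter than the two-line condition. The rules that consume `trusted_pod` are outside the hunk.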