policyDefinitions/Kubernetes/kubernetes-clusters-should-disable-automounting-api-credentials/constraint.yaml (10 lines of code) (raw):
apiVersion: constraints.gatekeeper.sh/v1beta1
kind: K8sAzureBlockAutomountToken
metadata:
name: azure-block-automount
spec:
match:
excludedNamespaces: {{ .Values.excludedNamespaces }}
kinds:
- apiGroups: [""]
kinds: ["Pod"]