From d461ad696a0029a7c07b22ddd21c6f9f99530152 Mon Sep 17 00:00:00 2001
From: Ashley Dumaine <adumaine@akamai.com>
Date: Mon, 22 Jun 2026 17:22:44 -0400
Subject: [PATCH] allow dl.k8s.io, set egress policy to audit

---
 .github/workflows/build-push.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/build-push.yml b/.github/workflows/build-push.yml
index aebdfcd36..a0f6377b9 100644
--- a/.github/workflows/build-push.yml
+++ b/.github/workflows/build-push.yml
@@ -19,7 +19,7 @@ jobs:
         uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1
         with:
           disable-sudo: true
-          egress-policy: block
+          egress-policy: audit
           allowed-endpoints: >
             api.github.com:443
             github.com:443
@@ -33,6 +33,7 @@ jobs:
             go.dev:443
             proxy.golang.org:443
             dl.google.com:443
+            dl.k8s.io:443
             sum.golang.org:443
             *.githubusercontent.com:443
             storage.googleapis.com:443