Introduces the secure-by-default options change-default and change-all for the automountServiceAccount feature and removes previous, prohibitive options. The admission controller now applies to ServiceAccount Create and Update events. Instead of admitting each pod, the default setting for automountServiceAccountToken is changed directly for each service account when not explicitly configured otherwise.
Fixes #98.
Checklist
Before submitting this PR, please make sure:
[x] you have added unit tests
[x] you have added integration tests
[x] your code builds clean with make
[x] your code lets succeed unit tests with make test
Description
Introduces the secure-by-default options
change-default
andchange-all
for the automountServiceAccount feature and removes previous, prohibitive options. The admission controller now applies to ServiceAccountCreate
andUpdate
events. Instead of admitting each pod, the default setting forautomountServiceAccountToken
is changed directly for each service account when not explicitly configured otherwise.Fixes #98.
Checklist
Before submitting this PR, please make sure:
make
make test