XenitAB / gatekeeper-library

Collection of OPA Gatekeeper policies that can be used in your Kubernetes cluster.
MIT License

Disable automountServiceAccountToken by default #47

Closed simongottschlag closed 2 years ago

simongottschlag commented 3 years ago

We should set automountServiceAccountToken to false by default if not configured. That means that if someone actually sets it to true, it should be allowed.

This should only be done in tenant namespaces.
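The defaulting rule proposed above, sketched as the decision a mutating admission step would make. This is an added example, not code from the gatekeeper-library project. The tenant label `example.com/tenant` and the function names are assumptions, since the issue does not say how tenant namespaces are identified.

```python
import copy

# Assumption: tenant namespaces carry this label (hypothetical, not from the issue).
TENANT_LABEL = ("example.com/tenant", "true")
FIELD = "automountServiceAccountToken"


def default_automount_patch(pod, namespace_labels):
    """Return the JSON Patch (RFC 6902) operations for a Pod under the proposed rule."""
    key, value = TENANT_LABEL
    if namespace_labels.get(key) != value:
        return []  # not a tenant namespace: leave the Pod untouched
    spec = pod.get("spec") or {}
    # A null value is the same as "not configured" once the API server decodes it.
    if spec.get(FIELD) is not None:
        return []  # explicitly true or false: respect the author's choice
    # The Pod-level field takes precedence over the ServiceAccount's own
    # automountServiceAccountToken, so this default also overrides a
    # ServiceAccount that sets it to true.
    return [{"op": "add", "path": f"/spec/{FIELD}", "value": False}]


def apply_patch(pod, patch):
    """Apply the single-level 'add' operations produced above to a copy of the Pod."""
    out = copy.deepcopy(pod)
    for op in patch:
        out.setdefault("spec", {})[op["path"].rsplit("/", 1)[1]] = op["value"]
    return out


def demo():
    """Run the rule over constructed sample Pods; returns the resulting field values."""
    tenant, platform = {"example.com/tenant": "true"}, {"team": "platform"}
    cases = {
        "tenant-unset": ({"spec": {"containers": []}}, tenant),
        "tenant-explicit-true": ({"spec": {FIELD: True}}, tenant),
        "tenant-explicit-false": ({"spec": {FIELD: False}}, tenant),
        "tenant-null": ({"spec": {FIELD: None}}, tenant),
        "platform-unset": ({"spec": {"containers": []}}, platform),
    }
    results = {}
    for name, (pod, labels) in cases.items():
        patched = apply_patch(pod, default_automount_patch(pod, labels))
        results[name] = patched["spec"].get(FIELD)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```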

simongottschlag commented 3 years ago

@phillebaba @bittrance @NissesSenap opinions?

NissesSenap commented 3 years ago

It's a good idea

bittrance commented 3 years ago

It’s a good thing, but how do we roll it out to existing tenant namespaces?

I think this implies that we need to write the documentation where this will be one item (in bold, prolly).