Closed moritzjohner-form3 closed 1 year ago
need to bump kind Kubernetes version to 1.23+ due to: https://github.com/stefanprodan/podinfo/pull/237. Gonna do this in scope of this PR.
bump; can i get a review please 😸 @dwerder maybe 🙏
@stefanprodan: I am unable to merge due to actions workflow changes:
Did you try it with the GitHub Web UI? This may be an issue within the mobile app 🤔
What this PR does / why we need it:
This PR allows the user to set the
automountServiceAccountToken
in the pod spec. This is a well-known requirement forCIS
,BSI
andNSA
security benchmarks.The user is supposed to set
serviceAccount.automount=false
and must add the appropriate volumes/volumeMounts.We probably shouldn't set the default to
serviceAccount.automount=false
and provide the necessary volumes/volumeMounts as this would be a breaking change. E.g. if a user supplied a custominitContainer
this would now be launched without a service account mounted.Which issue this PR fixes
Special notes for your reviewer:
Checklist
make reviewable