Closed alita1991 closed 8 months ago
I noticed that the automountServiceAccountToken flag is set to true and I'm trying to understand if there is a reason for this
I guess we have the answer now - yes.
The reason it's set to true is it's needed for the kiwigrid sidecar to load dashboards and datasources. Setting this to false by default breaks deployments.
Disabling automatic token mounting with automountServiceAccountToken set to false enhances security and control in Kubernetes by reducing attack surface, providing explicit control over token usage, avoiding unnecessary access, and meeting compliance and security requirements.
While looking at the Grafana service, I noticed that the automountServiceAccountToken flag is set to true and I'm trying to understand if there is a reason for this. If not, I'm interested in setting the flag to false.
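
The two positions in this thread can be reconciled by turning automounting off for the pod and giving the token only to the container that needs the API. The manifest below is an added example, not part of the thread and not the Grafana chart's own template. The pod and service account names, mount paths and token lifetime are constructed, and the service account is assumed to have RBAC permission to read the ConfigMaps the sidecar watches.

```yaml
# Added example: generic Pod spec, not the chart's template.
# The setting discussed in the thread is automountServiceAccountToken: true,
# which places the token in every container of the pod.
apiVersion: v1
kind: Pod
metadata:
  name: grafana-example                  # constructed name
spec:
  serviceAccountName: grafana-example    # constructed; assumed to have ConfigMap read RBAC
  automountServiceAccountToken: false    # nothing is mounted implicitly
  containers:
    - name: grafana
      image: grafana/grafana             # pin a version or digest in real use
      volumeMounts:
        - name: dashboards
          mountPath: /tmp/dashboards     # constructed path
      # No token volume here: the Grafana process cannot read the credential.
    - name: sidecar
      image: kiwigrid/k8s-sidecar        # pin a version or digest in real use
      env:
        - name: LABEL
          value: grafana_dashboard
        - name: FOLDER
          value: /tmp/dashboards
      volumeMounts:
        - name: dashboards
          mountPath: /tmp/dashboards
        - name: sidecar-api-token        # explicit mount at the standard in-cluster path
          mountPath: /var/run/secrets/kubernetes.io/serviceaccount
          readOnly: true
  volumes:
    - name: dashboards
      emptyDir: {}
    - name: sidecar-api-token
      projected:
        sources:
          - serviceAccountToken:
              path: token
              expirationSeconds: 3600    # constructed lifetime; kubelet rotates the token
          - configMap:
              name: kube-root-ca.crt
              items:
                - {key: ca.crt, path: ca.crt}
          - downwardAPI:
              items:
                - path: namespace
                  fieldRef: {fieldPath: metadata.namespace}
```

The example covers the dashboard sidecar only; a datasource sidecar would need the same explicit token mount.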