nats-io / k8s

NATS on Kubernetes with Helm Charts
Apache License 2.0
455 stars 305 forks source link

nats chart does not propagate automountServiceAccountToken setting to ServiceAccount YAML #750

Closed dmglennie-diveplane closed 1 year ago

dmglennie-diveplane commented 1 year ago

Whilst you can set automountServiceAccountToken, doing so will set the value in the statefulset spec, but not the serviceaccount itself. Possibly redundant, but it will be clearer if it does there too. In my case it is getting flagged by some auditing software.

https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#opt-out-of-api-credential-automounting

dmglennie-diveplane commented 1 year ago

I'll put a PR shortly.

caleblloyd commented 1 year ago

Check out the 1.x-beta chart, it will be promoted to 1.0.0 soon. It can do this already.

dmglennie-diveplane commented 1 year ago

Great, thanks - I shall wait for that.