opensearch-project / helm-charts

A community repository for Helm Charts of OpenSearch Project.
https://opensearch.org/docs/latest/opensearch/install/helm/
Apache License 2.0

[Enhancement][opensearch/opensearch] Add support for toggling automountServiceAccountToken in Pods #427

Closed rdvansloten closed 1 year ago

rdvansloten commented 1 year ago

Is your feature request related to a problem? Please describe.
Support for disabling automountServiceAccountToken, which in turn disables the mounting of /var/run/secrets/kubernetes.io/serviceaccount inside the OpenSearch pods when started. This setting now defaults to true, even when no serviceaccount is set, causing a collision with strict Kubernetes Gatekeeper policies that do not allow auto-mounting of service accounts.

See: https://store.policy.core.windows.net/kubernetes/block-automount-token/v2/template.yaml

Describe the solution you'd like
A toggle for automountServiceAccountToken in the helm chart rbac section.

Describe alternatives you've considered
None, disabling the policy is not allowed in many enterprises.
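
An added example, not part of the original issue or the chart's code: a small audit that reports which workloads will actually get a service account token mounted, using Kubernetes' precedence rules (the pod spec overrides the ServiceAccount, and an unset value defaults to mounting). The object names and the `search` namespace are constructed sample data shaped like `kubectl get ... -o json` items.

```python
import json

# Constructed sample objects (not from the issue), shaped like kubectl JSON output.
SAMPLE = json.loads("""
{"items": [
 {"kind": "ServiceAccount", "metadata": {"name": "locked", "namespace": "search"},
  "automountServiceAccountToken": false},
 {"kind": "StatefulSet", "metadata": {"name": "opensearch-default", "namespace": "search"},
  "spec": {"template": {"spec": {"containers": []}}}},
 {"kind": "StatefulSet", "metadata": {"name": "opensearch-sa-off", "namespace": "search"},
  "spec": {"template": {"spec": {"serviceAccountName": "locked"}}}},
 {"kind": "StatefulSet", "metadata": {"name": "opensearch-pod-off", "namespace": "search"},
  "spec": {"template": {"spec": {"automountServiceAccountToken": false}}}},
 {"kind": "Pod", "metadata": {"name": "override", "namespace": "search"},
  "spec": {"serviceAccountName": "locked", "automountServiceAccountToken": true}}
]}
""")

def pod_spec(obj):
    """Return the pod spec of a Pod or of a workload with a pod template, else None."""
    if obj["kind"] == "Pod":
        return obj.get("spec", {})
    return obj.get("spec", {}).get("template", {}).get("spec")

def audit(items):
    """Map 'kind/namespace/name' -> (token_mounted, reason)."""
    sa_flag = {(o["metadata"]["namespace"], o["metadata"]["name"]):
               o.get("automountServiceAccountToken")
               for o in items if o["kind"] == "ServiceAccount"}
    result = {}
    for o in items:
        spec = pod_spec(o)
        if spec is None:                   # not a pod or pod-templated workload
            continue
        ns = o["metadata"]["namespace"]
        sa = spec.get("serviceAccountName", "default")
        pod_value = spec.get("automountServiceAccountToken")
        if pod_value is not None:          # pod spec wins over the ServiceAccount
            mounted, reason = pod_value, "set on pod spec"
        elif sa_flag.get((ns, sa)) is not None:
            mounted, reason = sa_flag[(ns, sa)], f"inherited from ServiceAccount {sa}"
        else:                              # neither set: Kubernetes mounts the token
            mounted, reason = True, "unset, defaults to true"
        result[f'{o["kind"]}/{ns}/{o["metadata"]["name"]}'] = (mounted, reason)
    return result

if __name__ == "__main__":
    for name, (mounted, reason) in audit(SAMPLE["items"]).items():
        print(f'{"MOUNTS" if mounted else "ok    "} {name}: {reason}')
```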


jordarlu commented 1 year ago

@prudhvigodithi, please help review the PR. Thanks.

prudhvigodithi commented 1 year ago

Thanks for the contribution @rdvansloten. Closing this issue; please feel free to re-open if there is anything pending for this enhancement. Thank you @bbarani @peterzhuamazon