vmware-tanzu / velero

Backup and migrate Kubernetes applications and their persistent volumes
https://velero.io
Apache License 2.0

Set automountServiceAccountToken: false in SA and Pod #8325

Open anshulahuja98 opened 6 days ago

anshulahuja98 commented 6 days ago

Describe the problem/challenge you have

This issue is both for here and for https://github.com/vmware-tanzu/helm-charts.

Based on security guidelines, we have received asks for setting the flag - automountServiceAccountToken: false in SA and pods.
https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#opt-out-of-api-credential-automounting

Describe the solution you'd like

automountServiceAccountToken: false on Velero pod and SA

Anything else you would like to add:

If anyone has already tested this with velero and not seen any surprises, please pitch in.

Environment:

Vote on this issue!

This is an invitation to the Velero community to vote on issues, you can see the project's top voted issues listed here.
Use the "reaction smiley face" up to the right of this comment to vote.

reasonerjt commented 6 days ago

I wish to suggest we refrain from making such a change, because setting it to false may break a lot of downstream integrations...

anshulahuja98 commented 6 days ago

Thanks for your input. Would it be possible for you to share what type of potential issues we might see due to this? I am not pushing for immediately fixing this. Trying to get data on the type of issues we can expect. Let me know if you have any idea on specific known issues.
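
The configuration discussed in this thread, as an added example that is not part of the issue and is not taken from Velero or its Helm chart: a workload that still calls the Kubernetes API after opting out of automounting has to mount a token explicitly, here through a projected volume at the standard in-cluster credential path. The namespace, ServiceAccount name, pod name, volume name and image placeholder are assumptions, as is the premise that the workload reads credentials from that default path.

```yaml
# Added example. Names below are assumed for illustration, not the project's manifests.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: velero            # assumed ServiceAccount name
  namespace: velero       # assumed namespace
# Pods using this ServiceAccount no longer get a token volume injected by default.
automountServiceAccountToken: false
---
apiVersion: v1
kind: Pod
metadata:
  name: velero-example    # hypothetical pod name
  namespace: velero
spec:
  serviceAccountName: velero
  # The pod-level field takes precedence over the ServiceAccount-level field.
  automountServiceAccountToken: false
  containers:
    - name: velero
      image: REPLACE_WITH_VELERO_IMAGE   # placeholder, not a real image reference
      volumeMounts:
        # Default path that in-cluster API clients read token, CA and namespace from.
        - name: api-access               # hypothetical volume name
          mountPath: /var/run/secrets/kubernetes.io/serviceaccount
          readOnly: true
  volumes:
    - name: api-access
      projected:
        sources:
          # Short-lived, audience-bound token that the kubelet rotates.
          - serviceAccountToken:
              path: token
              expirationSeconds: 3600
          # Cluster CA bundle that Kubernetes publishes into every namespace.
          - configMap:
              name: kube-root-ca.crt
              items:
                - key: ca.crt
                  path: ca.crt
          # Namespace file expected next to the token.
          - downwardAPI:
              items:
                - path: namespace
                  fieldRef:
                    fieldPath: metadata.namespace
```

Without the explicit volume, a container that relies on in-cluster credentials finds no token file at that path and cannot authenticate to the API server; any sidecar or injected container that expects the automounted token would need its own mount as well.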