From a62cc3eba9b91174ef1cdeb55d351bba58d9a20c Mon Sep 17 00:00:00 2001
From: Bartlomiej Rekke <bartlomiej.rekke@softwaremill.com>
Date: Mon, 15 Sep 2025 21:06:59 +0200
Subject: [PATCH] Add SA option for automounting tokens

---
 .../templates/controller-serviceaccount.yaml                  | 1 +
 charts/aws-efs-csi-driver/templates/node-serviceaccount.yaml  | 1 +
 charts/aws-efs-csi-driver/values.yaml                         | 4 ++++
 3 files changed, 6 insertions(+)

diff --git a/charts/aws-efs-csi-driver/templates/controller-serviceaccount.yaml b/charts/aws-efs-csi-driver/templates/controller-serviceaccount.yaml
index 1a1133077..c0d91c23b 100644
--- a/charts/aws-efs-csi-driver/templates/controller-serviceaccount.yaml
+++ b/charts/aws-efs-csi-driver/templates/controller-serviceaccount.yaml
@@ -1,6 +1,7 @@
 {{- if .Values.controller.serviceAccount.create }}
 apiVersion: v1
 kind: ServiceAccount
+automountServiceAccountToken: {{ .Values.controller.serviceAccount.automountServiceAccountToken }}
 metadata:
   name: {{ .Values.controller.serviceAccount.name }}
   namespace: {{ .Release.Namespace }}
diff --git a/charts/aws-efs-csi-driver/templates/node-serviceaccount.yaml b/charts/aws-efs-csi-driver/templates/node-serviceaccount.yaml
index 797f1b343..e68a2df9c 100644
--- a/charts/aws-efs-csi-driver/templates/node-serviceaccount.yaml
+++ b/charts/aws-efs-csi-driver/templates/node-serviceaccount.yaml
@@ -1,6 +1,7 @@
 {{- if .Values.node.serviceAccount.create }}
 apiVersion: v1
 kind: ServiceAccount
+automountServiceAccountToken: {{ .Values.node.serviceAccount.automountServiceAccountToken }}
 metadata:
   name: {{ .Values.node.serviceAccount.name }}
   namespace: {{ .Release.Namespace }}
diff --git a/charts/aws-efs-csi-driver/values.yaml b/charts/aws-efs-csi-driver/values.yaml
index 13c150543..22e06a872 100644
--- a/charts/aws-efs-csi-driver/values.yaml
+++ b/charts/aws-efs-csi-driver/values.yaml
@@ -100,6 +100,8 @@ controller:
   # Specifies whether a service account should be created
   serviceAccount:
     create: true
+    # Automount API credentials for a Service Account.
+    automountServiceAccountToken: true
     name: efs-csi-controller-sa
     annotations: {}
     ## Enable if EKS IAM for SA is used
@@ -200,6 +202,8 @@ node:
   # Specifies whether a service account should be created
   serviceAccount:
     create: true
+    # Automount API credentials for a Service Account.
+    automountServiceAccountToken: true
     name: efs-csi-node-sa
     annotations: {}
     ## Enable if EKS IAM for SA is used