Skip to content

MLE-21296 set-automountServiceAccountToken-to-false #332

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Aug 6, 2025
Merged

MLE-21296 set-automountServiceAccountToken-to-false #332

merged 2 commits into from
Aug 6, 2025

Conversation

@rwinieski
Copy link
Collaborator

@rwinieski rwinieski commented Jul 31, 2025

As a Kubernetes admin and MarkLogic admin,

I want to have automountServiceAccountToken set to false. This will allow to add more security.

Copilot AI reviewed Jul 31, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR enhances Kubernetes security by disabling automatic mounting of service account tokens in the MarkLogic StatefulSet pods. This follows security best practices by preventing unnecessary exposure of service account credentials to pods that don't require them.

  • Adds automountServiceAccountToken: false to the pod specification template
  • Improves security posture by reducing attack surface for potential token misuse

@vitalykorolev vitalykorolev changed the title Mle 21296/set-automountServiceAccountToken-to-false MLE-21296 set-automountServiceAccountToken-to-false Aug 5, 2025
@rwinieski rwinieski changed the title MLE-21296 set-automountServiceAccountToken-to-false MLE-21296/set-automountServiceAccountToken-to-false Aug 6, 2025
@rwinieski rwinieski changed the title MLE-21296/set-automountServiceAccountToken-to-false MLE-21296 set-automountServiceAccountToken-to-false Aug 6, 2025
@rwinieski rwinieski merged commit e0f07ea into develop Aug 6, 2025
5 of 6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@vitalykorolev vitalykorolev vitalykorolev approved these changes

@barkhachoithani barkhachoithani barkhachoithani approved these changes

@pengzhouml pengzhouml Awaiting requested review from pengzhouml

@sumanthravipati sumanthravipati Awaiting requested review from sumanthravipati

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@rwinieski @vitalykorolev @barkhachoithani