Revert token changes for arc due to Telegraf bug (#1101)

* revert token changes for arc

Author: wanlonghenry

.trivyignore

@@ -1,5 +1,6 @@
 #telegraf MEDIUM
 GHSA-2w8w-qhg4-f78j
+GHSA-fr2g-9hjm-wr23
 CVE-2023-39325
 CVE-2023-3978
 CVE-2023-44487

charts/azuremonitor-containers/templates/ama-logs-daemonset-windows.yaml

@@ -102,9 +102,6 @@ spec:
        - name: SIDECAR_SCRAPING_ENABLED
          value: {{ .Values.amalogs.sidecarscraping | quote }}
        volumeMounts:
-        - name: kube-api-access
-          mountPath: /var/run/secrets/kubernetes.io/serviceaccount
-          readOnly: true
         - mountPath: C:\ProgramData\docker\containers
           name: docker-windows-containers
           readOnly: true
@@ -139,23 +136,6 @@ spec:
    {{- end }}
    {{- end }}
    volumes:
-    - name: kube-api-access
-      projected:
-        sources:
-         - serviceAccountToken:
-             path: token
-             expirationSeconds: 3600
-         - configMap:
-             items:
-             - key: ca.crt
-               path: ca.crt
-             name: kube-root-ca.crt
-         - downwardAPI:
-             items:
-             - fieldRef:
-                 apiVersion: v1
-                 fieldPath: metadata.namespace
-               path: namespace
     - name: docker-windows-kuberenetes-container-logs
       hostPath:
         path: C:\var

charts/azuremonitor-containers/templates/ama-logs-daemonset.yaml

@@ -137,9 +137,6 @@ spec:
        - containerPort: 25224
          protocol: UDP
        volumeMounts:
-        - name: kube-api-access
-          mountPath: /var/run/secrets/kubernetes.io/serviceaccount
-          readOnly: true
         - mountPath: /hostfs
           name: host-root
           readOnly: true
@@ -232,9 +229,6 @@ spec:
        securityContext:
          privileged: true
        volumeMounts:
-         - name: kube-api-access
-           mountPath: /var/run/secrets/kubernetes.io/serviceaccount
-           readOnly: true
          - mountPath: /etc/kubernetes/host
            name: azure-json-path
          - mountPath: /etc/ama-logs-secret
@@ -275,23 +269,6 @@ spec:
    {{- end }}
    {{- end }}
    volumes:
-    - name: kube-api-access
-      projected:
-        sources:
-         - serviceAccountToken:
-             path: token
-             expirationSeconds: 3600
-         - configMap:
-             items:
-             - key: ca.crt
-               path: ca.crt
-             name: kube-root-ca.crt
-         - downwardAPI:
-             items:
-             - fieldRef:
-                 apiVersion: v1
-                 fieldPath: metadata.namespace
-               path: namespace
     - name: host-root
       hostPath:
        path: /

charts/azuremonitor-containers/templates/ama-logs-deployment.yaml

@@ -128,9 +128,6 @@ spec:
        - containerPort: 25224
          protocol: UDP
        volumeMounts:
-        - name: kube-api-access
-          mountPath: /var/run/secrets/kubernetes.io/serviceaccount
-          readOnly: true
         - mountPath: /var/run/host
           name: docker-sock
         - mountPath: /var/log
@@ -185,23 +182,6 @@ spec:
    {{- end }}
    {{- end }}
    volumes:
-    - name: kube-api-access
-      projected:
-        sources:
-        - serviceAccountToken:
-            path: token
-            expirationSeconds: 3600
-        - configMap:
-            items:
-            - key: ca.crt
-              path: ca.crt
-            name: kube-root-ca.crt
-        - downwardAPI:
-            items:
-            - fieldRef:
-                apiVersion: v1
-                fieldPath: metadata.namespace
-              path: namespace                    
     - name: docker-sock
       hostPath:
        path: /var/run

kubernetes/ama-logs.yaml

@@ -458,9 +458,6 @@ spec:
               hostPort: 28330
               protocol: TCP
           volumeMounts:
-            - name: kube-api-access
-              mountPath: /var/run/secrets/kubernetes.io/serviceaccount
-              readOnly: true
             - mountPath: /var/run/mdsd-PrometheusSidecar
               name: mdsd-prometheus-sock
             - mountPath: /hostfs
@@ -556,9 +553,6 @@ spec:
           securityContext:
             privileged: true
           volumeMounts:
-            - name: kube-api-access
-              mountPath: /var/run/secrets/kubernetes.io/serviceaccount
-              readOnly: true
             - mountPath: /var/run/mdsd-PrometheusSidecar
               name: mdsd-prometheus-sock
             - mountPath: /etc/kubernetes/host
@@ -609,23 +603,6 @@ spec:
         - operator: "Exists"
           effect: "PreferNoSchedule"
       volumes:
-        - name: kube-api-access
-          projected:
-            sources:
-            - serviceAccountToken:
-                path: token
-                expirationSeconds: 3600
-            - configMap:
-                items:
-                - key: ca.crt
-                  path: ca.crt
-                name: kube-root-ca.crt
-            - downwardAPI:
-                items:
-                - fieldRef:
-                    apiVersion: v1
-                    fieldPath: metadata.namespace
-                  path: namespace        
         - name: mdsd-prometheus-sock
           emptyDir: {}
         - name: host-root
@@ -833,9 +810,6 @@ spec:
             - containerPort: 25224
               protocol: UDP
           volumeMounts:
-            - name: kube-api-access
-              mountPath: /var/run/secrets/kubernetes.io/serviceaccount
-              readOnly: true
             - mountPath: /var/run/host
               name: docker-sock
             - mountPath: /var/log
@@ -905,23 +879,6 @@ spec:
         - operator: "Exists"
           effect: "PreferNoSchedule"
       volumes:
-        - name: kube-api-access
-          projected:
-            sources:
-            - serviceAccountToken:
-                path: token
-                expirationSeconds: 3600
-            - configMap:
-                items:
-                - key: ca.crt
-                  path: ca.crt
-                name: kube-root-ca.crt
-            - downwardAPI:
-                items:
-                - fieldRef:
-                    apiVersion: v1
-                    fieldPath: metadata.namespace
-                  path: namespace            
         - name: docker-sock
           hostPath:
             path: /var/run
@@ -1069,9 +1026,6 @@ spec:
           # - name: USING_AAD_MSI_AUTH
           #   value: "true"
          volumeMounts:
-          - name: kube-api-access
-            mountPath: /var/run/secrets/kubernetes.io/serviceaccount
-            readOnly: true
           - mountPath: C:\ProgramData\docker\containers
             name: docker-windows-containers
             readOnly: true
@@ -1131,23 +1085,6 @@ spec:
      - operator: "Exists"
        effect: PreferNoSchedule
      volumes:
-      - name: kube-api-access
-        projected:
-          sources:
-          - serviceAccountToken:
-              path: token
-              expirationSeconds: 3600
-          - configMap:
-              items:
-              - key: ca.crt
-                path: ca.crt
-              name: kube-root-ca.crt
-          - downwardAPI:
-              items:
-              - fieldRef:
-                  apiVersion: v1
-                  fieldPath: metadata.namespace
-                path: namespace    
       - name: docker-windows-kuberenetes-container-logs
         hostPath:
           path: C:\var