Merge pull request #401 from gthiemonge/fix_automount

openshift-merge-bot[bot] · web-flow · commit 575fc03d6b94 · 2025-01-14T10:48:51.000Z
Set AutomountServiceAccountToken to false
diff --git a/pkg/amphoracontrollers/daemonset.go b/pkg/amphoracontrollers/daemonset.go
@@ -147,6 +147,7 @@ func DaemonSet(
 					},
 					TerminationGracePeriodSeconds: &terminationGracePeriodSeconds,
 					ServiceAccountName:            instance.Spec.ServiceAccount,
+					AutomountServiceAccountToken:  ptr.To(false),
 					Containers: []corev1.Container{
 						{
 							Name:            serviceName,
diff --git a/pkg/octavia/dbsync.go b/pkg/octavia/dbsync.go
@@ -68,8 +68,9 @@ func DbSyncJob(
 					SecurityContext: &corev1.PodSecurityContext{
 						FSGroup: ptr.To(OctaviaUID),
 					},
-					RestartPolicy:      corev1.RestartPolicyOnFailure,
-					ServiceAccountName: instance.RbacResourceName(),
+					RestartPolicy:                corev1.RestartPolicyOnFailure,
+					ServiceAccountName:           instance.RbacResourceName(),
+					AutomountServiceAccountToken: ptr.To(false),
 					Containers: []corev1.Container{
 						{
 							Name:            ServiceName + "-db-sync",
diff --git a/pkg/octavia/image_upload_deployment.go b/pkg/octavia/image_upload_deployment.go
@@ -23,6 +23,7 @@ import (
 	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/utils/ptr"
 )
 
 type ImageUploadDetails struct {
@@ -107,7 +108,8 @@ func ImageUploadDeployment(
 					Labels: labels,
 				},
 				Spec: corev1.PodSpec{
-					ServiceAccountName: instance.RbacResourceName(),
+					ServiceAccountName:           instance.RbacResourceName(),
+					AutomountServiceAccountToken: ptr.To(false),
 					Containers: []corev1.Container{
 						{
 							Name: "octavia-amphora-httpd",
diff --git a/pkg/octaviaapi/deployment.go b/pkg/octaviaapi/deployment.go
@@ -158,7 +158,8 @@ func Deployment(
 					SecurityContext: &corev1.PodSecurityContext{
 						FSGroup: ptr.To(octavia.OctaviaUID),
 					},
-					ServiceAccountName: instance.Spec.ServiceAccount,
+					ServiceAccountName:           instance.Spec.ServiceAccount,
+					AutomountServiceAccountToken: ptr.To(false),
 					Containers: []corev1.Container{
 						{
 							Name: serviceName,
diff --git a/pkg/octaviarsyslog/daemonset.go b/pkg/octaviarsyslog/daemonset.go
@@ -103,7 +103,8 @@ func DaemonSet(
 					Labels:      labels,
 				},
 				Spec: corev1.PodSpec{
-					ServiceAccountName: instance.Spec.ServiceAccount,
+					ServiceAccountName:           instance.Spec.ServiceAccount,
+					AutomountServiceAccountToken: ptr.To(false),
 					Containers: []corev1.Container{
 						{
 							Name:           serviceName,
diff --git a/tests/kuttl/common/assert_sample_deployment.yaml b/tests/kuttl/common/assert_sample_deployment.yaml
@@ -98,6 +98,7 @@ spec:
                   - octavia-api
               topologyKey: kubernetes.io/hostname
             weight: 100
+      automountServiceAccountToken: false
       containers:
       - args:
         - -c

Original file line number	Diff line number	Diff line change
`@@ -147,6 +147,7 @@ func DaemonSet(`
`147`	`147`	`},`
`148`	`148`	`TerminationGracePeriodSeconds: &terminationGracePeriodSeconds,`
`149`	`149`	`ServiceAccountName: instance.Spec.ServiceAccount,`
	`150`	`+ AutomountServiceAccountToken: ptr.To(false),`
`150`	`151`	`Containers: []corev1.Container{`
`151`	`152`	`{`
`152`	`153`	`Name: serviceName,`