Skip to content

Commit c93553b

Browse files
javierpenaedcdavid
javierpena
and
edcdavid
authored
Remove kube-api-access volume from debug partner pod (#66)
* Remove kube-api-access volume from debug partner pod This volume is automatically added by OpenShift, and its definition varies between Openshift >= 4.7, which uses RootCAConfigMap [1], and previous versions, which use the default namespace service account. [1] - https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.20.md#introducing-rootcaconfigmap * Set automountServiceAccountToken to false We don't need to access the k8s API from the debug partner pod. Co-authored-by: edcdavid <[email protected]>
1 parent 87b3bad commit c93553b

File tree

1 file changed

+1
-26
lines changed

1 file changed

+1
-26
lines changed

test-partner/debugpartner.yaml

Lines changed: 1 addition & 26 deletions
Original file line numberDiff line numberDiff line change
@@ -38,9 +38,6 @@ spec:
3838
volumeMounts:
3939
- mountPath: /host
4040
name: host
41-
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
42-
name: kube-api-access-whppm
43-
readOnly: true
4441
enableServiceLinks: true
4542
hostNetwork: true
4643
hostPID: true
@@ -51,6 +48,7 @@ spec:
5148
securityContext: {}
5249
serviceAccount: default
5350
serviceAccountName: default
51+
automountServiceAccountToken: false
5452
terminationGracePeriodSeconds: 30
5553
tolerations:
5654
- effect: NoExecute
@@ -68,26 +66,3 @@ spec:
6866
path: /
6967
type: Directory
7068
name: host
71-
- name: kube-api-access-whppm
72-
projected:
73-
defaultMode: 420
74-
sources:
75-
- serviceAccountToken:
76-
expirationSeconds: 3607
77-
path: token
78-
- configMap:
79-
items:
80-
- key: ca.crt
81-
path: ca.crt
82-
name: kube-root-ca.crt
83-
- downwardAPI:
84-
items:
85-
- fieldRef:
86-
apiVersion: v1
87-
fieldPath: metadata.namespace
88-
path: namespace
89-
- configMap:
90-
items:
91-
- key: service-ca.crt
92-
path: service-ca.crt
93-
name: openshift-service-ca.crt

0 commit comments

Comments
 (0)