Disable automounting service account token in servicelb pods

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-09-17 11:07:44 -07:00 · 2021-09-17 11:07:44 -07:00 · 64b502e92c
parent 7826407a2e
commit 64b502e92c
1 changed files with 4 additions and 0 deletions
--- a/pkg/servicelb/controller.go
+++ b/pkg/servicelb/controller.go
@ -25,6 +25,7 @@ import (
 	"k8s.io/client-go/kubernetes"
 	v1getter "k8s.io/client-go/kubernetes/typed/apps/v1"
 	coregetter "k8s.io/client-go/kubernetes/typed/core/v1"
+	utilpointer "k8s.io/utils/pointer"
 )

 var (
@ -327,6 +328,9 @@ func (h *handler) newDaemonSet(svc *core.Service) (*apps.DaemonSet, error) {
 						svcNameLabel: svc.Name,
 					},
 				},
+				Spec: core.PodSpec{
+					AutomountServiceAccountToken: utilpointer.Bool(false),
+				},
 			},
 			UpdateStrategy: apps.DaemonSetUpdateStrategy{
 				Type: apps.RollingUpdateDaemonSetStrategyType,