Is your feature request related to a problem? Please describe.
For security reasons, mounting the Kubernetes service account token should only be done when absolutely necessary. I doubt it is required for the use case here, but if so, you can just close this request.
Describe the solution you'd like
Set automountServiceAccountToken in the Pod spec to false by default. At the moment, it is not configurable / settable at all through the Helm chart...
Describe alternatives you've considered
If needed, one can also just configure the mount manually for a single container so that the mount is only received for the one really needing it.
Additional context
This is part of a MS Defender for Cloud (MDC) recommendation: "Kubernetes clusters should disable automounting API credentials"
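
As an added illustration (not part of the original issue and not taken from the chart), here is a Pod manifest that disables automounting and gives the token to a single container through a projected volume. The Pod, container, image and ServiceAccount names are placeholders.

```yaml
# Added example; all names and images are placeholders, not the chart's values.
apiVersion: v1
kind: Pod
metadata:
  name: example-app
spec:
  serviceAccountName: example-app
  # No token volume is injected into any container of this Pod.
  automountServiceAccountToken: false
  containers:
    - name: worker              # never calls the API server, so it gets no credentials
      image: registry.example/worker:1.0
    - name: api-client          # the only container that needs the token
      image: registry.example/api-client:1.0
      volumeMounts:
        - name: api-token
          mountPath: /var/run/secrets/kubernetes.io/serviceaccount
          readOnly: true
  volumes:
    # Same file layout the automount would create, declared explicitly.
    - name: api-token
      projected:
        sources:
          - serviceAccountToken:
              path: token
              expirationSeconds: 3600   # short-lived; the kubelet rotates it
          - configMap:
              name: kube-root-ca.crt    # cluster CA bundle published in each namespace
              items:
                - key: ca.crt
                  path: ca.crt
          - downwardAPI:
              items:
                - path: namespace
                  fieldRef:
                    apiVersion: v1
                    fieldPath: metadata.namespace
```

When `automountServiceAccountToken` is set on both the ServiceAccount and the Pod spec, the Pod spec value takes precedence.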