Allow ingestion of automountServiceAccountToken: false via Values for all deployments in Helm chart
#15105
Assignees
Labels
enhancement
New feature or request
Comments
|
As a quick update @shogunpurple -- while this would be useful I think for most peeps running shared clusters with some sort of governance in larger organisations, we managed to work around it using kustomize as a sort of post-renderer running after the helm chart for now. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Context
Our Kubernetes cluster is managed company wide and employs Gatekeeper Policies to enforce best practices and security settings cluster-wide. One of those settings demands that
automountServiceAccountToken: falsebe set for all individual pods and deployments, so malicious pods cannot get access to the k8s control plane.Feature description
We would love to be able to ingest that setting into all the deployments done by the Budibase helm chart, via
Values.yamllike so:I took a look and my guess is that implementation-wise it could be pretty close to how the
affinityandtolerationssettings work currently. They seem to get passed on to all the deployments as-is (or at least the few I checked).The text was updated successfully, but these errors were encountered: