summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorFrançois Poirotte <clicky@erebot.net>2022-09-02 00:29:24 +0200
committerFrançois Poirotte <clicky@erebot.net>2022-09-04 22:51:56 +0200
commit71978b0a0c7f6a8e1a6a482b7f8dd105b371d3de (patch)
tree9cfa3b9bcd1c6ba6d040fd85149fa5d491a8afe9
parent9ab6449e36792734853eb59161ccd3bfe5d0d509 (diff)
downloadpodman-71978b0a0c7f6a8e1a6a482b7f8dd105b371d3de.tar.gz
podman-71978b0a0c7f6a8e1a6a482b7f8dd105b371d3de.tar.bz2
podman-71978b0a0c7f6a8e1a6a482b7f8dd105b371d3de.zip
Fix #15243 Set AutomountServiceAccountToken to false
podman does not use any service account token, so we set the automount flag to false in podman generate kube. Signed-off-by: François Poirotte <clicky@erebot.net>
-rw-r--r--libpod/kube.go15
-rw-r--r--test/e2e/generate_kube_test.go4
2 files changed, 13 insertions, 6 deletions
diff --git a/libpod/kube.go b/libpod/kube.go
index a70782d69..a3bc7efff 100644
--- a/libpod/kube.go
+++ b/libpod/kube.go
@@ -470,13 +470,16 @@ func newPodObject(podName string, annotations map[string]string, initCtrs, conta
}
// Set enableServiceLinks to false as podman doesn't use the service port environment variables
enableServiceLinks := false
+ // Set automountServiceAccountToken to false as podman doesn't use service account tokens
+ automountServiceAccountToken := false
ps := v1.PodSpec{
- Containers: containers,
- Hostname: hostname,
- HostNetwork: hostNetwork,
- InitContainers: initCtrs,
- Volumes: volumes,
- EnableServiceLinks: &enableServiceLinks,
+ Containers: containers,
+ Hostname: hostname,
+ HostNetwork: hostNetwork,
+ InitContainers: initCtrs,
+ Volumes: volumes,
+ EnableServiceLinks: &enableServiceLinks,
+ AutomountServiceAccountToken: &automountServiceAccountToken,
}
if dnsOptions != nil && (len(dnsOptions.Nameservers)+len(dnsOptions.Searches)+len(dnsOptions.Options) > 0) {
ps.DNSConfig = dnsOptions
diff --git a/test/e2e/generate_kube_test.go b/test/e2e/generate_kube_test.go
index 6a73d8ab6..99e6cd41d 100644
--- a/test/e2e/generate_kube_test.go
+++ b/test/e2e/generate_kube_test.go
@@ -73,6 +73,8 @@ var _ = Describe("Podman generate kube", func() {
Expect(pod).To(HaveField("Name", "top-pod"))
enableServiceLinks := false
Expect(pod.Spec).To(HaveField("EnableServiceLinks", &enableServiceLinks))
+ automountServiceAccountToken := false
+ Expect(pod.Spec).To(HaveField("AutomountServiceAccountToken", &automountServiceAccountToken))
numContainers := 0
for range pod.Spec.Containers {
@@ -169,6 +171,8 @@ var _ = Describe("Podman generate kube", func() {
Expect(pod.Spec).To(HaveField("HostNetwork", false))
enableServiceLinks := false
Expect(pod.Spec).To(HaveField("EnableServiceLinks", &enableServiceLinks))
+ automountServiceAccountToken := false
+ Expect(pod.Spec).To(HaveField("AutomountServiceAccountToken", &automountServiceAccountToken))
numContainers := 0
for range pod.Spec.Containers {