From 71978b0a0c7f6a8e1a6a482b7f8dd105b371d3de Mon Sep 17 00:00:00 2001
From: François Poirotte <clicky@erebot.net>
Date: Fri, 2 Sep 2022 00:29:24 +0200
Subject: Fix #15243 Set AutomountServiceAccountToken to false
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

podman does not use any service account token, so we set the automount flag
to false in podman generate kube.

Signed-off-by: François Poirotte <clicky@erebot.net>
---
 libpod/kube.go                 | 15 +++++++++------
 test/e2e/generate_kube_test.go |  4 ++++
 2 files changed, 13 insertions(+), 6 deletions(-)

diff --git a/libpod/kube.go b/libpod/kube.go
index a70782d69..a3bc7efff 100644
--- a/libpod/kube.go
+++ b/libpod/kube.go
@@ -470,13 +470,16 @@ func newPodObject(podName string, annotations map[string]string, initCtrs, conta
 	}
 	// Set enableServiceLinks to false as podman doesn't use the service port environment variables
 	enableServiceLinks := false
+	// Set automountServiceAccountToken to false as podman doesn't use service account tokens
+	automountServiceAccountToken := false
 	ps := v1.PodSpec{
-		Containers:         containers,
-		Hostname:           hostname,
-		HostNetwork:        hostNetwork,
-		InitContainers:     initCtrs,
-		Volumes:            volumes,
-		EnableServiceLinks: &enableServiceLinks,
+		Containers:                   containers,
+		Hostname:                     hostname,
+		HostNetwork:                  hostNetwork,
+		InitContainers:               initCtrs,
+		Volumes:                      volumes,
+		EnableServiceLinks:           &enableServiceLinks,
+		AutomountServiceAccountToken: &automountServiceAccountToken,
 	}
 	if dnsOptions != nil && (len(dnsOptions.Nameservers)+len(dnsOptions.Searches)+len(dnsOptions.Options) > 0) {
 		ps.DNSConfig = dnsOptions
diff --git a/test/e2e/generate_kube_test.go b/test/e2e/generate_kube_test.go
index 6a73d8ab6..99e6cd41d 100644
--- a/test/e2e/generate_kube_test.go
+++ b/test/e2e/generate_kube_test.go
@@ -73,6 +73,8 @@ var _ = Describe("Podman generate kube", func() {
 		Expect(pod).To(HaveField("Name", "top-pod"))
 		enableServiceLinks := false
 		Expect(pod.Spec).To(HaveField("EnableServiceLinks", &enableServiceLinks))
+		automountServiceAccountToken := false
+		Expect(pod.Spec).To(HaveField("AutomountServiceAccountToken", &automountServiceAccountToken))
 
 		numContainers := 0
 		for range pod.Spec.Containers {
@@ -169,6 +171,8 @@ var _ = Describe("Podman generate kube", func() {
 		Expect(pod.Spec).To(HaveField("HostNetwork", false))
 		enableServiceLinks := false
 		Expect(pod.Spec).To(HaveField("EnableServiceLinks", &enableServiceLinks))
+		automountServiceAccountToken := false
+		Expect(pod.Spec).To(HaveField("AutomountServiceAccountToken", &automountServiceAccountToken))
 
 		numContainers := 0
 		for range pod.Spec.Containers {
-- 
cgit v1.2.3-54-g00ecf