From 71978b0a0c7f6a8e1a6a482b7f8dd105b371d3de Mon Sep 17 00:00:00 2001 From: François Poirotte <clicky@erebot.net> Date: Fri, 2 Sep 2022 00:29:24 +0200 Subject: Fix #15243 Set AutomountServiceAccountToken to false MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit podman does not use any service account token, so we set the automount flag to false in podman generate kube. Signed-off-by: François Poirotte <clicky@erebot.net> --- libpod/kube.go | 15 +++++++++------ test/e2e/generate_kube_test.go | 4 ++++ 2 files changed, 13 insertions(+), 6 deletions(-) diff --git a/libpod/kube.go b/libpod/kube.go index a70782d69..a3bc7efff 100644 --- a/libpod/kube.go +++ b/libpod/kube.go @@ -470,13 +470,16 @@ func newPodObject(podName string, annotations map[string]string, initCtrs, conta } // Set enableServiceLinks to false as podman doesn't use the service port environment variables enableServiceLinks := false + // Set automountServiceAccountToken to false as podman doesn't use service account tokens + automountServiceAccountToken := false ps := v1.PodSpec{ - Containers: containers, - Hostname: hostname, - HostNetwork: hostNetwork, - InitContainers: initCtrs, - Volumes: volumes, - EnableServiceLinks: &enableServiceLinks, + Containers: containers, + Hostname: hostname, + HostNetwork: hostNetwork, + InitContainers: initCtrs, + Volumes: volumes, + EnableServiceLinks: &enableServiceLinks, + AutomountServiceAccountToken: &automountServiceAccountToken, } if dnsOptions != nil && (len(dnsOptions.Nameservers)+len(dnsOptions.Searches)+len(dnsOptions.Options) > 0) { ps.DNSConfig = dnsOptions diff --git a/test/e2e/generate_kube_test.go b/test/e2e/generate_kube_test.go index 6a73d8ab6..99e6cd41d 100644 --- a/test/e2e/generate_kube_test.go +++ b/test/e2e/generate_kube_test.go @@ -73,6 +73,8 @@ var _ = Describe("Podman generate kube", func() { Expect(pod).To(HaveField("Name", "top-pod")) enableServiceLinks := false Expect(pod.Spec).To(HaveField("EnableServiceLinks", &enableServiceLinks)) + automountServiceAccountToken := false + Expect(pod.Spec).To(HaveField("AutomountServiceAccountToken", &automountServiceAccountToken)) numContainers := 0 for range pod.Spec.Containers { @@ -169,6 +171,8 @@ var _ = Describe("Podman generate kube", func() { Expect(pod.Spec).To(HaveField("HostNetwork", false)) enableServiceLinks := false Expect(pod.Spec).To(HaveField("EnableServiceLinks", &enableServiceLinks)) + automountServiceAccountToken := false + Expect(pod.Spec).To(HaveField("AutomountServiceAccountToken", &automountServiceAccountToken)) numContainers := 0 for range pod.Spec.Containers { -- cgit v1.2.3-54-g00ecf