Exposing and hardening automount service account token property for service accounts
Related to this BB issue.
This MR allows the ServiceAccounts
created in this chart to be configured with automountServiceAccountToken
via a new value, .Values.serviceAccount.automountServiceAccountToken
.
Service accounts should have autoMountServiceAccountToken set to false unless required by pods. If pods require autoMountServiceAccountToken to be true; it should explicitly ask for it instead of relying on the service account to be generous.
This is in support of epic &146.
Edited by Dustin Hilgaertner