UNCLASSIFIED - NO CUI

SKIP UPGRADE 1749-automountServiceAccounts-istio: adding mutator for the istio packages serviceaccount and pods

Chris Harden requested to merge 50-disable-defalt-automountsa-II into main

General MR

Summary

This policy contains two rules: one that applies to the serviceaccount to disable automounting the token, and another rule that applies to the pod that will override the serviceaccount setting because the pod truly needs access to the API.

There are instances when it is difficult or impossible to update serviceaccounts and pods when those resources are created and/or managed by a controller. This proved to be the case with the istio-controller and istio-operator packages. This initial commit applies to those resources and closes these issues: https://repo1.dso.mil/big-bang/product/packages/istio-operator/-/issues/56 and https://repo1.dso.mil/big-bang/product/packages/istio-controlplane/-/issues/115

Closes #50

Edited by Chris Harden
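
The two rules described in the summary, sketched as an added example (this is not the policy from the merge request): it assumes Kyverno as the policy engine, which the page does not name, and the policy name, rule names and namespaces are assumptions chosen for illustration.

```yaml
# Added example, not the merge request's own policy.
# Assumptions: Kyverno is the mutating policy engine; the policy name,
# rule names and the namespaces listed below are illustrative.
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: example-istio-automount-token   # hypothetical name
spec:
  rules:
    # Rule 1: the ServiceAccount stops handing its token to every pod
    # that references it. Done by mutation because the ServiceAccount
    # is created and managed by a controller and cannot be edited at
    # its source.
    - name: disable-sa-automount
      match:
        any:
          - resources:
              kinds:
                - ServiceAccount
              namespaces:            # assumed namespaces
                - istio-system
                - istio-operator
      mutate:
        patchStrategicMerge:
          automountServiceAccountToken: false

    # Rule 2: pods that really need the Kubernetes API opt back in.
    # The pod-level field takes precedence over the ServiceAccount
    # field, so this overrides rule 1 for the matched pods only.
    - name: enable-pod-automount
      match:
        any:
          - resources:
              kinds:
                - Pod
              namespaces:            # assumed namespaces
                - istio-system
                - istio-operator
      mutate:
        patchStrategicMerge:
          spec:
            automountServiceAccountToken: true
```

After such a policy is admitted, reading back `automountServiceAccountToken` on the ServiceAccount and `spec.automountServiceAccountToken` on a newly created pod shows whether both mutations took effect; existing pods keep their old spec until they are recreated.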