SKIP UPGRADE 1749-automountServiceAccounts-istio: adding mutator for the istio packages serviceaccount and pods
General MR
Summary
This policy contains two rules, one that applies to the serviceaccount to disable
automounting the token and another rule that applies to the pod that will
override the serviceaccount setting because the pod truly needs access to the API.
There are instances when it is difficult or impossible to update serviceaccounts and pods when those resources are created and/or managed by a controller. This proved to be the case with the istio-controller
and istio-operator
packages and this initial commit applies to those resources and closes these issues
https://repo1.dso.mil/big-bang/product/packages/istio-operator/-/issues/56
https://repo1.dso.mil/big-bang/product/packages/istio-controlplane/-/issues/115
Relevant logs/screenshots
(Include any relevant logs/screenshots)
Closes #50