Mitigate automountServiceAccountToken findings
General MR
Summary
This MR includes default value modifications in chart/values.yaml to:
- Enable creation of dedicated ServiceAccounts (as opposed to just using the
defaultSA) - Disable API token auto-mounting for Pods utilizing said ServiceAccount.
This essentially means that containers in the sonarqube-postgresql-0 and sonaqube-sonarqube-0 Pods are now utilizing a ServiceAccount (sonarqube-postgresql and sonarqube-sonarqube respectively), and no longer have access to the Kubernetes API via their API token previously mounted at /var/run/secrets/kubernetes.io/serviceaccount/token.
My manual testing of the package according to DEVELOPMENT_MAINTENANCE.md has shown no loss of functionality - but if the codeowners are aware of any potential breakage, please let me know!
This is in support of epic &146.
Relates #76
Edited by Justen Mehl