Improvement To Be Made By Engineering Team:

• Ignore the "imagePullSecrets" and "secrets" fields on ServiceAccount objects since they are essentially status and automatically managed by Kubernetes.

  Description of problem:

The compliance type mustonlyhave on config-policy-controller creates numerous secrets. This has been implemented in ACM-11045.

The creation of tens of thousands of secrets causing etcd to slow down and crash on multiple clusters. This started after the automated update of the ACM Operator to version 2.9.4

Version-Release number of selected component (if applicable):

ACM 2.9.4

How reproducible:

Always

Steps to Reproduce:

1. Have a policy with kind serviceccount and complianceType: mustonlyhave.

1. Run this in a cluster with ACM, the SA tokens keep generating. 

Actual results:

The secrets are continuously being created. 

Expected results:

Only one secret should be created.

Additional info:

Workaround is to change the policy compliance type to:

complianceType: musthave

and reapply, they stop generating.