Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-20277

Edited multus-admission-controller deployment config to not add automountServiceAccountToken

    XMLWordPrintable

Details

    • Moderate
    • No
    • Rejected
    • False
    • Hide

      None

      Show
      None

    Description

      Description of problem: Our control plane security requires that cluster master pods not automount service acount tokens unless absolutely necessary.

      Version-Release number of selected component (if applicable):

       

      How reproducible:

       

      Steps to Reproduce:

      1. Retrieved the deployment files for both cluster-node-tuning-operator and multus-admission-controller
      2. Add the automountServiceAccountToken: false field
      3. Apply them again under the master namespace

      Actual results:

      automountServiceAccountToken: false

      Expected results:

      automountServiceAccountToken: false

      Additional info:

       

      Attachments

        Issue Links

          Activity

            People

              cpeterssonibm Carl Petersson (Inactive)
              cpeterssonibm Carl Petersson (Inactive)
              Weibin Liang Weibin Liang
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: