Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-44831

alertmanager-user-workload Service Account shouldn't be configured with automount token.

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Normal Normal
    • None
    • 4.18.0
    • Monitoring
    • None
    • Moderate
    • None
    • MON Sprint 262
    • 1
    • False
    • Hide

      None

      Show
      None

      Description of problem:

      The alertmanager-user-workload Service Account has "automountServiceAccountToken: true"  

      Version-Release number of selected component (if applicable):

          4.18

      How reproducible:

          Always

      Steps to Reproduce:

          1. Enable Alertmanager for user-defined monitoring.
    2. oc get sa -n openshift-user-workload-monitoring alertmanager-user-workload -o yaml
    3.

      Actual results:

          Has "automountServiceAccountToken: true"

      Expected results:

          Has "automountServiceAccountToken: false" or no mention of automountServiceAccountToken.

      Additional info:

          It is recommended to not enable token automount for service accounts in general.

              spasquie@redhat.com Simon Pasquier
              spasquie@redhat.com Simon Pasquier
              Junqi Zhao Junqi Zhao
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated: