scottk/kubernetes
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/kubernetes.git synced 2025-11-02 11:18:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #37953 from liggitt/automount

Browse Source 
Automatic merge from submit-queue (batch tested with PRs 37137, 41506, 41239, 41511, 37953)

Add field to control service account token automounting

Fixes https://github.com/kubernetes/kubernetes/issues/16779

* adds an `automountServiceAccountToken *bool` field to `ServiceAccount` and `PodSpec`
* if set in both the service account and pod, the pod wins
* if unset in both the service account and pod, we automount for backwards compatibility

```release-note
An `automountServiceAccountToken *bool` field was added to ServiceAccount and PodSpec objects. If set to `false` on a pod spec, no service account token is automounted in the pod. If set to `false` on a service account, no service account token is automounted for that service account unless explicitly overridden in the pod spec.
```
This commit is contained in:
Kubernetes Submit Queue
2017-02-15 20:05:13 -08:00
committed by GitHub
parent b188cb1e8e 0c9fd4fbe7
commit 97212f5b3a
26 changed files with 1616 additions and 1097 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
pkg/generated/openapi/zz_generated.openapi.go
View File

@@ -6383,6 +6383,13 @@ func GetOpenAPIDefinitions(ref openapi.ReferenceCallback) map[string]openapi.Ope
Format: "",
},
},
"automountServiceAccountToken": {
SchemaProps: spec.SchemaProps{
Description: "AutomountServiceAccountToken indicates whether a service account token should be automatically mounted.",
Type: []string{"boolean"},
Format: "",
},
},
"nodeName": {
SchemaProps: spec.SchemaProps{
Description: "NodeName is a request to schedule this pod onto a specific node. If it is non-empty, the scheduler simply schedules this pod onto that node, assuming that it fits resource requirements.",
@@ -8285,6 +8292,13 @@ func GetOpenAPIDefinitions(ref openapi.ReferenceCallback) map[string]openapi.Ope
},
},
},
"automountServiceAccountToken": {
SchemaProps: spec.SchemaProps{
Description: "AutomountServiceAccountToken indicates whether pods running as this service account should have an API token automatically mounted. Can be overridden at the pod level.",
Type: []string{"boolean"},
Format: "",
},
},
},
},
},