-
Notifications
You must be signed in to change notification settings - Fork 40.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Admission controller to attach additional secrets to a service account #9902
Comments
No… there's no place to indicate default mount points or intent to auto mount. I think @pmorie had one or more issues open about that specifically related to secrets, aside from service accounts, but not much happened with them yet |
Do you and pmorie agree this is something that we'd want to do in kubernetes, aside from the issue of agreeing on default mount points for ad-hoc secrets? |
Regarding the mount point: What about using an annotation in the secret and if none is given, mounting below |
Oh, and that should definitely be opt-in per container in the pod: Privilege separation within a pod! |
If it is opt in per container, then there is nothing left to do here! |
automountServiceAccountToken option was added to service account and to pod spec PodPresets allow automounting additional secrets/configmaps |
The following does not work but I would like it to:
@liggitt is there a way to talk the service account controller into mounting the second secret?
The text was updated successfully, but these errors were encountered: