Enable Linkerd proxy injection to work without "automountServiceAccountToken" set to true #6862

HighWatersDev · 2021-09-10T20:13:42Z

Feature Request

Enable Linkerd to inject proxy without needing automountServiceAccountToken set to true for mTLS.

By default automountServiceAccountToken is set to false. This is also recommended setting in certain environments.

One of the proposed solutions is to use token volume projection ref.

The other possible solution is to use admission controller as implemented by some other mesh services.

What do you want to happen? Add any considered drawbacks.

Alternative method of injecting proxy sidecar for mTLS without using service account token automount option.

Previously discussed in this issue: #4651

The text was updated successfully, but these errors were encountered:

snoord · 2021-11-04T00:13:25Z

I think this is resolved by #7117

olix0r · 2021-11-04T00:43:53Z

@snoord I think you're correct. It would be good to add a test that checks that a pod with automountServiceAccounToken: false becomes ready

olix0r added help wanted area/injector area/identity Automatic transport identity labels Sep 13, 2021

olix0r added this to the stable-2.12.0 milestone Sep 13, 2021

adleong added the area/test label Nov 9, 2021

olix0r added the priority/P1 Planned for Release label Jan 21, 2022

alpeb self-assigned this Feb 11, 2022

olix0r unassigned alpeb Jun 9, 2022

adleong removed this from the stable-2.12.0 milestone Aug 4, 2022

adleong added the priority/triage label Aug 4, 2022

olix0r closed this as completed Mar 3, 2023

github-actions bot locked as resolved and limited conversation to collaborators Apr 2, 2023