Enable Linkerd proxy injection to work without "automountServiceAccountToken" set to true #6862
Labels
area/identity
Automatic transport identity
area/injector
area/test
help wanted
priority/P1
Planned for Release
priority/triage
Feature Request
Enable Linkerd to inject proxy without needing
automountServiceAccountToken
set totrue
for mTLS.What problem are you trying to solve?
By default
automountServiceAccountToken
is set tofalse
. This is also recommended setting in certain environments.How should the problem be solved?
One of the proposed solutions is to use token volume projection ref.
The other possible solution is to use admission controller as implemented by some other mesh services.
What do you want to happen? Add any considered drawbacks.
Alternative method of injecting proxy sidecar for mTLS without using service account token automount option.
Previously discussed in this issue: #4651
The text was updated successfully, but these errors were encountered: