Specify automountServiceAccountToken: true on Deployments (#950)

#922

Signed-off-by: juliankatz <juliankatz@google.com>

diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
index 50a9dad..d8e1032 100644
--- a/config/manager/manager.yaml
+++ b/config/manager/manager.yaml
@@ -41,6 +41,7 @@ spec:
                   - webhook
               topologyKey: kubernetes.io/hostname
       serviceAccountName: admin
+      automountServiceAccountToken: true
       containers:
         - command:
             - /manager
@@ -118,6 +119,7 @@ spec:
       annotations:
         container.seccomp.security.alpha.kubernetes.io/manager: runtime/default
     spec:
+      automountServiceAccountToken: true
       containers:
         - args:
             - --operation=audit
diff --git a/manifest_staging/charts/gatekeeper/templates/gatekeeper-audit-deployment.yaml b/manifest_staging/charts/gatekeeper/templates/gatekeeper-audit-deployment.yaml
index aee81cd..b5e1032 100644
--- a/manifest_staging/charts/gatekeeper/templates/gatekeeper-audit-deployment.yaml
+++ b/manifest_staging/charts/gatekeeper/templates/gatekeeper-audit-deployment.yaml
@@ -35,6 +35,7 @@ spec:
         heritage: '{{ .Release.Service }}'
         release: '{{ .Release.Name }}'
     spec:
+      automountServiceAccountToken: true
       containers:
       - args:
         - --audit-interval={{ .Values.auditInterval }}
diff --git a/manifest_staging/charts/gatekeeper/templates/gatekeeper-controller-manager-deployment.yaml b/manifest_staging/charts/gatekeeper/templates/gatekeeper-controller-manager-deployment.yaml
index a580228..0d17094 100644
--- a/manifest_staging/charts/gatekeeper/templates/gatekeeper-controller-manager-deployment.yaml
+++ b/manifest_staging/charts/gatekeeper/templates/gatekeeper-controller-manager-deployment.yaml
@@ -47,6 +47,7 @@ spec:
                   - webhook
               topologyKey: kubernetes.io/hostname
             weight: 100
+      automountServiceAccountToken: true
       containers:
       - args:
         - --port=8443
diff --git a/manifest_staging/deploy/gatekeeper.yaml b/manifest_staging/deploy/gatekeeper.yaml
index b1dd78d..c03015f 100644
--- a/manifest_staging/deploy/gatekeeper.yaml
+++ b/manifest_staging/deploy/gatekeeper.yaml
@@ -675,6 +675,7 @@ spec:
         gatekeeper.sh/operation: audit
         gatekeeper.sh/system: "yes"
     spec:
+      automountServiceAccountToken: true
       containers:
       - args:
         - --operation=audit
@@ -767,6 +768,7 @@ spec:
                   - webhook
               topologyKey: kubernetes.io/hostname
             weight: 100
+      automountServiceAccountToken: true
       containers:
       - args:
         - --port=8443

Co-authored-by: Max Smythe <smythe@google.com>

config/manager/manager.yaml

@@ -41,6 +41,7 @@ spec:
                   - webhook
               topologyKey: kubernetes.io/hostname
       serviceAccountName: admin
+      automountServiceAccountToken: true
       containers:
         - command:
             - /manager
@@ -118,6 +119,7 @@ spec:
       annotations:
         container.seccomp.security.alpha.kubernetes.io/manager: runtime/default
     spec:
+      automountServiceAccountToken: true
       containers:
         - args:
             - --operation=audit

manifest_staging/charts/gatekeeper/templates/gatekeeper-audit-deployment.yaml

@@ -35,6 +35,7 @@ spec:
         heritage: '{{ .Release.Service }}'
         release: '{{ .Release.Name }}'
     spec:
+      automountServiceAccountToken: true
       containers:
       - args:
         - --audit-interval={{ .Values.auditInterval }}

manifest_staging/charts/gatekeeper/templates/gatekeeper-controller-manager-deployment.yaml

@@ -47,6 +47,7 @@ spec:
                   - webhook
               topologyKey: kubernetes.io/hostname
             weight: 100
+      automountServiceAccountToken: true
       containers:
       - args:
         - --port=8443

manifest_staging/deploy/gatekeeper.yaml

@@ -675,6 +675,7 @@ spec:
         gatekeeper.sh/operation: audit
         gatekeeper.sh/system: "yes"
     spec:
+      automountServiceAccountToken: true
       containers:
       - args:
         - --operation=audit
@@ -767,6 +768,7 @@ spec:
                   - webhook
               topologyKey: kubernetes.io/hostname
             weight: 100
+      automountServiceAccountToken: true
       containers:
       - args:
         - --port=8443