Skip to content

fix: do not automount service account token#257

Merged
cb80 merged 1 commit intomainfrom
automountServiceAccountToken
Mar 18, 2026
Merged

fix: do not automount service account token#257
cb80 merged 1 commit intomainfrom
automountServiceAccountToken

Conversation

@cb80
Copy link
Copy Markdown
Contributor

@cb80 cb80 commented Mar 17, 2026
edited by coderabbitai Bot
Loading

https://sonarcloud.io/organizations/openkcm/rules?open=kubernetes%3AS6865&rule_key=kubernetes%3AS6865

Summary by CodeRabbit

  • Chores
    • Updated chart version to 0.9.2
    • Disabled automatic service account token mounting in housekeeper and session-manager deployment templates

@cb80 cb80 self-assigned this Mar 17, 2026
@coderabbitai
Copy link
Copy Markdown

coderabbitai Bot commented Mar 17, 2026
edited
Loading

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: f549e900-e936-48e6-ac48-58755a063df2

📥 Commits

Reviewing files that changed from the base of the PR and between c508531 and dfecafc.

📒 Files selected for processing (3)
  • charts/session-manager/Chart.yaml
  • charts/session-manager/templates/housekeeper/deployment.yaml
  • charts/session-manager/templates/session-manager/deployment.yaml
📝 Walkthrough

Walkthrough

Version bump for the session-manager Helm chart from 0.9.1 to 0.9.2. Security configuration added to disable automatic service account token mounting in both the housekeeper and session-manager Kubernetes deployments.

Changes

Cohort / File(s) Summary
Chart Version Update
charts/session-manager/Chart.yaml		 Version bumped from 0.9.1 to 0.9.2.
Security Configuration
charts/session-manager/templates/housekeeper/deployment.yaml, charts/session-manager/templates/session-manager/deployment.yaml		 Added automountServiceAccountToken: false to pod specs to prevent automatic mounting of service account tokens.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

🐰 A version hops forward, security takes flight,
No tokens auto-mounted—the config shines bright!
From 0.9.1 we spring to 0.9.2 with care,
Two deployments now safer, a lock in the air! 🔐

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Description check ⚠️ Warning The description only contains a link to a SonarCloud rule without any structured content matching the required template format. Add detailed description following the template: explain what the PR does, why it's needed, special reviewer notes, and release notes sections.
✅ Passed checks (2 passed)
Check name Status Explanation
Title check ✅ Passed The title accurately describes the main change: disabling automatic service account token mounting in the Kubernetes deployments.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch automountServiceAccountToken
📝 Coding Plan
  • Generate coding plan for human review comments

Comment @coderabbitai help to get the list of available commands and usage tips.

@cb80 cb80 marked this pull request as ready for review March 17, 2026 07:19
@cb80 cb80 merged commit 7732114 into main Mar 18, 2026
7 checks passed
@cb80 cb80 deleted the automountServiceAccountToken branch March 18, 2026 12:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@protectorT1 protectorT1 protectorT1 approved these changes

@alienvspredator alienvspredator alienvspredator approved these changes

Assignees

@cb80 cb80

Labels

helm-chart

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@cb80 @protectorT1 @alienvspredator