Merge pull request containers#15607 from fpoirotte/main

Fix containers#15243 Set AutomountServiceAccountToken to false
sstosh · Sep 8, 2022 · 6d8bafe · 6d8bafe
2 parents 7e2f002 + 71978b0
commit 6d8bafe
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 6 deletions.
diff --git a/libpod/kube.go b/libpod/kube.go
@@ -470,13 +470,16 @@ func newPodObject(podName string, annotations map[string]string, initCtrs, conta
 	}
 	// Set enableServiceLinks to false as podman doesn't use the service port environment variables
 	enableServiceLinks := false
+	// Set automountServiceAccountToken to false as podman doesn't use service account tokens
+	automountServiceAccountToken := false
 	ps := v1.PodSpec{
-		Containers:         containers,
-		Hostname:           hostname,
-		HostNetwork:        hostNetwork,
-		InitContainers:     initCtrs,
-		Volumes:            volumes,
-		EnableServiceLinks: &enableServiceLinks,
+		Containers:                   containers,
+		Hostname:                     hostname,
+		HostNetwork:                  hostNetwork,
+		InitContainers:               initCtrs,
+		Volumes:                      volumes,
+		EnableServiceLinks:           &enableServiceLinks,
+		AutomountServiceAccountToken: &automountServiceAccountToken,
 	}
 	if dnsOptions != nil && (len(dnsOptions.Nameservers)+len(dnsOptions.Searches)+len(dnsOptions.Options) > 0) {
 		ps.DNSConfig = dnsOptions

diff --git a/test/e2e/generate_kube_test.go b/test/e2e/generate_kube_test.go
@@ -73,6 +73,8 @@ var _ = Describe("Podman generate kube", func() {
 		Expect(pod).To(HaveField("Name", "top-pod"))
 		enableServiceLinks := false
 		Expect(pod.Spec).To(HaveField("EnableServiceLinks", &enableServiceLinks))
+		automountServiceAccountToken := false
+		Expect(pod.Spec).To(HaveField("AutomountServiceAccountToken", &automountServiceAccountToken))
 
 		numContainers := 0
 		for range pod.Spec.Containers {
@@ -169,6 +171,8 @@ var _ = Describe("Podman generate kube", func() {
 		Expect(pod.Spec).To(HaveField("HostNetwork", false))
 		enableServiceLinks := false
 		Expect(pod.Spec).To(HaveField("EnableServiceLinks", &enableServiceLinks))
+		automountServiceAccountToken := false
+		Expect(pod.Spec).To(HaveField("AutomountServiceAccountToken", &automountServiceAccountToken))
 
 		numContainers := 0
 		for range pod.Spec.Containers {