From 55eaa660f227e6cfc5d359d73e520f329b681499 Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Sat, 27 Jan 2024 16:13:07 +0100
Subject: [PATCH] chore(charts): Harden ServiceAccount objects by disabling
 automounting

This patch adds `automountServiceAccountToken: false` to various
ServiceAccount objects in order to disable automatic mounting of service
account tokens into Pods that never need to use them.
---
 charts/findmydevice/templates/serviceaccount.yaml | 1 +
 charts/hedgedoc/templates/serviceaccount.yaml     | 1 +
 charts/keycloak/templates/serviceaccount.yaml     | 1 +
 charts/mok/templates/serviceaccount.yaml          | 1 +
 charts/nut-exporter/templates/serviceaccount.yaml | 1 +
 5 files changed, 5 insertions(+)

diff --git a/charts/findmydevice/templates/serviceaccount.yaml b/charts/findmydevice/templates/serviceaccount.yaml
index 33d40b3ce..bc13f1372 100644
--- a/charts/findmydevice/templates/serviceaccount.yaml
+++ b/charts/findmydevice/templates/serviceaccount.yaml
@@ -9,4 +9,5 @@ metadata:
   annotations:
     {{- toYaml . | nindent 4 }}
   {{- end }}
+automountServiceAccountToken: false
 {{- end }}
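Review bot: The added `automountServiceAccountToken: false` only protects Pods that actually run under this ServiceAccount and do not set the field themselves. The closing `{{- end }}` suggests the whole object is rendered conditionally (the opening condition is outside the hunk), so when the chart does not create it, the Pod presumably runs under a different ServiceAccount that may still get its token mounted. Also setting `automountServiceAccountToken: false` in the Pod spec of each chart's workload template would make the hardening independent of which ServiceAccount is used, because the Pod-level field takes precedence. The same applies to the identical hunks for hedgedoc, keycloak, mok and nut-exporter. A template comment such as `# no workload in this chart talks to the Kubernetes API` would also record why the value is hard-coded rather than configurable.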
diff --git a/charts/hedgedoc/templates/serviceaccount.yaml b/charts/hedgedoc/templates/serviceaccount.yaml
index 7dfb0ed66..9c8bf52eb 100644
--- a/charts/hedgedoc/templates/serviceaccount.yaml
+++ b/charts/hedgedoc/templates/serviceaccount.yaml
@@ -9,4 +9,5 @@ metadata:
   annotations:
     {{- toYaml . | nindent 4 }}
   {{- end }}
+automountServiceAccountToken: false
 {{- end }}
diff --git a/charts/keycloak/templates/serviceaccount.yaml b/charts/keycloak/templates/serviceaccount.yaml
index ef5153b77..0575e0c8a 100644
--- a/charts/keycloak/templates/serviceaccount.yaml
+++ b/charts/keycloak/templates/serviceaccount.yaml
@@ -9,4 +9,5 @@ metadata:
   annotations:
     {{- toYaml . | nindent 4 }}
   {{- end }}
+automountServiceAccountToken: false
 {{- end }}
diff --git a/charts/mok/templates/serviceaccount.yaml b/charts/mok/templates/serviceaccount.yaml
index e06dd08c0..e299c0a73 100644
--- a/charts/mok/templates/serviceaccount.yaml
+++ b/charts/mok/templates/serviceaccount.yaml
@@ -9,4 +9,5 @@ metadata:
   annotations:
     {{- toYaml . | nindent 4 }}
   {{- end }}
+automountServiceAccountToken: false
 {{- end }}
diff --git a/charts/nut-exporter/templates/serviceaccount.yaml b/charts/nut-exporter/templates/serviceaccount.yaml
index 6e2e2f244..c51e7e98f 100644
--- a/charts/nut-exporter/templates/serviceaccount.yaml
+++ b/charts/nut-exporter/templates/serviceaccount.yaml
@@ -9,4 +9,5 @@ metadata:
   annotations:
     {{- toYaml . | nindent 4 }}
   {{- end }}
+automountServiceAccountToken: false
 {{- end }}
-- 
GitLab