From 77df23c866c4bd2398600d4c529e2ef70b89df75 Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Mon, 4 Apr 2022 02:12:28 +0200
Subject: [PATCH] fix(hcloud-dynfw): Disable automounting of the serviceaccount
 token

Since the pod doesn't interact with the Kubernetes API, this adjustment
should help to lock it down further.
---
 apps/k8s01/hcloud-dynfw/cronjob.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/apps/k8s01/hcloud-dynfw/cronjob.yaml b/apps/k8s01/hcloud-dynfw/cronjob.yaml
index f0c2115e6..23b5f71aa 100644
--- a/apps/k8s01/hcloud-dynfw/cronjob.yaml
+++ b/apps/k8s01/hcloud-dynfw/cronjob.yaml
@@ -24,3 +24,4 @@ spec:
               - secretRef:
                   name: hcloud-dynfw-conf
           restartPolicy: OnFailure
+          automountServiceAccountToken: false
-- 
GitLab