Skip to content

feat(chart): expose automountServiceAccountToken in the csi-driver chart#700

Open
yugstar wants to merge 1 commit into
cert-manager:mainfrom
yugstar:feat-csi-driver-automount
Open

feat(chart): expose automountServiceAccountToken in the csi-driver chart#700
yugstar wants to merge 1 commit into
cert-manager:mainfrom
yugstar:feat-csi-driver-automount

Conversation

@yugstar

@yugstar yugstar commented Jul 11, 2026

Copy link
Copy Markdown

What

Adds an automountServiceAccountToken value to the csi-driver chart so operators can disable automatic mounting of the ServiceAccount token on the csi-driver pod — a common security-hardening request, matching the option already in the trust-manager chart.

Details

  • New automountServiceAccountToken value (defaults to true, preserving current behaviour).
  • Rendered on the DaemonSet pod spec via {{- if hasKey .Values "automountServiceAccountToken" }}.
  • Regenerated values.schema.json and README.md with helm-tool.

helm lint passes; helm template --set automountServiceAccountToken=false renders the field correctly.

Allow disabling automatic mounting of the ServiceAccount token on the
csi-driver pod, matching the option in the trust-manager chart. Defaults
to true, preserving current behaviour. Regenerated the values schema and
README.

Signed-off-by: Aman Raj <aman.yug@gmail.com>
@cert-manager-prow cert-manager-prow Bot added the dco-signoff: yes Indicates that all commits in the pull request have the valid DCO sign-off message. label Jul 11, 2026
@cert-manager-prow

Copy link
Copy Markdown
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign hjoshi123 for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@cert-manager-prow

Copy link
Copy Markdown
Contributor

Hi @yugstar. Thanks for your PR.

I'm waiting for a cert-manager member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Tip

We noticed you've done this a few times! Consider joining the org to skip this step and gain /lgtm and other bot rights. We recommend asking approvers on your previous PRs to sponsor you.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@cert-manager-prow cert-manager-prow Bot added needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Jul 11, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dco-signoff: yes Indicates that all commits in the pull request have the valid DCO sign-off message. needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. size/S Denotes a PR that changes 10-29 lines, ignoring generated files.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant