From 84471d3b12702a1db67a65044e171518365bdb69 Mon Sep 17 00:00:00 2001 From: Ram Yalamanchili Date: Fri, 15 Jun 2018 17:49:09 -0700 Subject: [PATCH] Automount serviceaccount tokens into tiller pod This is especially helpful when serviceaccounts are created with automountServiceAccountToken=false and the expectation is on the pods to define the security restrictions around token mounts. --- cmd/helm/installer/install.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/cmd/helm/installer/install.go b/cmd/helm/installer/install.go index becf412a1..6d51f6e24 100644 --- a/cmd/helm/installer/install.go +++ b/cmd/helm/installer/install.go @@ -189,7 +189,8 @@ func generateDeployment(opts *Options) (*v1beta1.Deployment, error) { Labels: labels, }, Spec: v1.PodSpec{ - ServiceAccountName: opts.ServiceAccount, + ServiceAccountName: opts.ServiceAccount, + AutomountServiceAccountToken: &[]bool{true}[0], Containers: []v1.Container{ { Name: "tiller",