- The repo houses a kubernetes controller that watches the
defaultservice account across all namespaces and sets theautomountServiceAccountfield to false - By setting
automountServiceAccountTokentofalsefor all default service accounts, the controller fulfills the control 5.1.5 set by CIS Kubernetes benchmark - The controller is based on the example controllers available here
- You will need to install
kindand its prerequisites for local testing - You will also need to install
curl,docker,makeandkubectl
- Test uses the env test binaries and can be run locally using the following make target:
make tests- You can build and run the controller in a local kind cluster using the following make target:
make kind-
The above command will create a new Kind cluster called
demobased on kubernetes version1.30.0and will build and import the Docker image into the Kind nodes -
Once the docker image is loaded into the Kind cluster, you can run it as a Kubernetes deployment using the following make target:
make deploy- Check the logs from the controller using the following command:
make logs- Cleanup the test cluster
make kind-delete-cluster