Option to mount ca.crt into pods without service accounts #53315

@F21

Is this a BUG REPORT or FEATURE REQUEST?:
/kind feature

In 1.7.0, it's possible to ask Kubernetes to sign certificates using the certificates.k8s.io/v1beta1 API.

I want to heavily lean on this API to issue certificates for my pods. However, I do not want these pods to have access to a service account.

If I set automountServiceAccountToken: false in the pod's spec, it no longer mounts the service account token, but the ca.crt file is also no longer mounted.

It would be nice if there's an option to specify that while we don't need the service account, we still want the ca.crt file mounted.

Labels

kind/feature: Categorizes issue or PR as related to a new feature.
lifecycle/stale: Denotes an issue or PR has remained open with no activity and has become stale.
sig/auth: Categorizes an issue or PR as relevant to SIG Auth.