README
¶
disable-automount-default-sa-controller
- The repo houses a kubernetes controller that watches the
defaultservice account across all namespaces and sets theautomountServiceAccountfield to false - By setting
automountServiceAccountTokentofalsefor all default service accounts, the controller fulfills the control 5.1.5 set by CIS Kubernetes benchmark - The controller is based on the example controllers available here
Prerequisites
- You will need to install
kindand its prerequisites for local testing - You will also need to install
curl,docker,makeandkubectl
Running tests
- Test uses the env test binaries and can be run locally using the following make target:
make tests
Deploying the controller in a local Kind cluster
- You can build and run the controller in the local kind cluster using the following commands:
make kind
-
The above command will create a new Kind cluster called
demobased on kubernetes version1.25.0and will build and import the Docker image into the Kind nodes -
Once the docker image is loaded into the Kind cluster, you can run it as a Kubernetes deployment using the following make target:
make deploy
- Check the logs from the controller using the following command:
make logs
- Cleanup the test cluster
make kind-delete-cluster
Documentation
¶
There is no documentation for this package.
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.