linkerd2 icon indicating copy to clipboard operation
linkerd2 copied to clipboard

Published 20 hours ago verified publisher icon linkerd

Enable Linkerd proxy injection to work without "automountServiceAccountToken" set to true

Open HighWatersDev opened this issue 3 years ago • 2 comments

Feature Request

Enable Linkerd to inject proxy without needing automountServiceAccountToken set to true for mTLS.

What problem are you trying to solve?

By default automountServiceAccountToken is set to false. This is also recommended setting in certain environments.

How should the problem be solved?

One of the proposed solutions is to use token volume projection ref.

The other possible solution is to use admission controller as implemented by some other mesh services.

What do you want to happen? Add any considered drawbacks.

Alternative method of injecting proxy sidecar for mTLS without using service account token automount option.

Previously discussed in this issue: #4651

HighWatersDev avatar Sep 10 '21 20:09 HighWatersDev

I think this is resolved by #7117

snoord avatar Nov 04 '21 00:11 snoord

@snoord I think you're correct. It would be good to add a test that checks that a pod with automountServiceAccounToken: false becomes ready

olix0r avatar Nov 04 '21 00:11 olix0r