helm: don't automount Service token when integration is not enabled, improve k8s detection

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-07 16:16:17 +02:00
parent 12b1f53948
commit 4054e6da8c
5 changed files with 10 additions and 6 deletions
--- a/helm/templates/web-deployment.yaml
+++ b/helm/templates/web-deployment.yaml
@ -22,6 +22,7 @@ spec:
        app.kubernetes.io/instance: {{ .Release.Name }}
        k8s.goauthentik.io/component: web
    spec:
+      automountServiceAccountToken: false
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
--- a/helm/templates/worker-deployment.yaml
+++ b/helm/templates/worker-deployment.yaml
@ -24,6 +24,8 @@ spec:
    spec:
      {{- if .Values.kubernetesIntegration }}
      serviceAccountName: {{ include "authentik.fullname" . }}-sa
+      {{- else }}
+      automountServiceAccountToken: false
      {{- end }}
      affinity:
        podAntiAffinity: