ER - enable setting spec.automountServiceAccountToken to 'false' for Weblogic Server PODs controlled by WKO Operator
Michalski-Piotr opened this issue · 3 comments
Hello,
One of our customer has requirement to set spec.automountServiceAccountToken to false for Weblogic Server PODs running in Kubernetes architecture (and controlled by Weblogic Operator).
This is driven by the security scan report:
**AVD-KSV-0036**
* AVD-KSV-0036 (MEDIUM): Container of Pod 'osb-domain-adminserver' should set 'spec.automountServiceAccountToken' to false
* AVD-KSV-0036 (MEDIUM): Container of Pod 'osb-domain-osb-server1' should set 'spec.automountServiceAccountToken' to false
* AVD-KSV-0036 (MEDIUM): Container of Pod 'osb-domain-osb-server2' should set 'spec.automountServiceAccountToken' to falseBased on analysis there is no automountServiceAccountToken field exposed as configurable based on Weblogic Kubernetes Operator domain.yaml configuration reference.
As Enhancement Request we would like to propose option to enable customers to configure this option for Weblogic Server pods.
Topic was discussed internally with Oracle Weblogic Kubernetes Operator Product Management Team and we have agreed to raise the Enhancement Request in GitHub.
Kind regards,
Piotr Michalski
Oracle CSS
Customer is using currently Weblogic Kubernetes Operator 4.2.9 and below versions:
This has been implemented in the branches for 4.3.0 and 4.2.17 and will be available once one of these versions is released.
Hi,
thank you.
For customer that raised this demand we are currently using Weblogic Kubernetes Operator 4.2.9 (as there is dependency with Oracle SOA/OSB Cloud Native base image version that is in use in the stack). We would add this configuration/setup once upgrading to one of this WKO version in future.
Regards,
Piotr Michalski