K8s controller that watches the `default` service account across all namespaces and sets the `automountServiceAccountToken` field to `false`

prit342/disable-automount-default-sa-controller


disable-automount-default-sa-controller

  • The repo houses a Kubernetes controller that watches the default service account across all namespaces and sets the automountServiceAccountToken field to false
  • By setting automountServiceAccountToken to false for all default service accounts, the controller satisfies control 5.1.5 of the CIS Kubernetes Benchmark
  • The controller is based on the example controllers available here

Prerequisites

  • You will need to install kind and its prerequisites for local testing
  • You will also need to install curl, docker, make and kubectl

Running tests

  • The tests use the env test binaries and can be run locally using the following make target:
  make tests

Deploying the controller in a local Kind cluster

  • You can build and run the controller in a local kind cluster using the following make target:
  make kind
  • The above command will create a new Kind cluster called demo based on Kubernetes version 1.30.0 and will build and import the Docker image into the Kind nodes
  • Once the Docker image is loaded into the Kind cluster, you can run it as a Kubernetes deployment using the following make target:
  make deploy
  • Check the logs from the controller using the following command:
  make logs
  • Clean up the test cluster:
  make kind-delete-cluster
