diff --git a/clusters/cl01tl/manifests/homepage/Deployment-homepage.yaml b/clusters/cl01tl/manifests/homepage/Deployment-homepage.yaml index b60877c61..dc5e913ae 100644 --- a/clusters/cl01tl/manifests/homepage/Deployment-homepage.yaml +++ b/clusters/cl01tl/manifests/homepage/Deployment-homepage.yaml @@ -25,7 +25,6 @@ spec: metadata: annotations: checksum/configMaps: e9ad0ea163de6974f11ff965c12acd6223b75d1661495978c45dd9b790976b78 - checksum/secrets: d3ba83f111cd32f92c909268c55ad8bbd4f9e299b74b35b33c1a011180d8b378 labels: app.kubernetes.io/controller: main app.kubernetes.io/instance: homepage diff --git a/clusters/cl01tl/manifests/homepage/Secret-homepage-homepage-sa-token.yaml b/clusters/cl01tl/manifests/homepage/Secret-homepage-homepage-sa-token.yaml deleted file mode 100644 index c430154c7..000000000 --- a/clusters/cl01tl/manifests/homepage/Secret-homepage-homepage-sa-token.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -kind: Secret -type: kubernetes.io/service-account-token -metadata: - name: homepage-homepage-sa-token - labels: - app.kubernetes.io/instance: homepage - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: homepage - helm.sh/chart: homepage-5.0.0 - annotations: - kubernetes.io/service-account.name: homepage - namespace: homepage diff --git a/clusters/cl01tl/manifests/homepage/ServiceAccount-homepage.yaml b/clusters/cl01tl/manifests/homepage/ServiceAccount-homepage.yaml index 5e6c75e02..d592445dc 100644 --- a/clusters/cl01tl/manifests/homepage/ServiceAccount-homepage.yaml +++ b/clusters/cl01tl/manifests/homepage/ServiceAccount-homepage.yaml @@ -8,5 +8,3 @@ metadata: app.kubernetes.io/name: homepage helm.sh/chart: homepage-5.0.0 namespace: homepage -secrets: - - name: homepage-homepage-sa-token diff --git a/clusters/cl01tl/manifests/immich/Deployment-immich.yaml b/clusters/cl01tl/manifests/immich/Deployment-immich.yaml index e191037f5..4d4ffa4ac 100644 --- a/clusters/cl01tl/manifests/immich/Deployment-immich.yaml +++ b/clusters/cl01tl/manifests/immich/Deployment-immich.yaml @@ -21,8 +21,6 @@ spec: app.kubernetes.io/instance: immich template: metadata: - annotations: - checksum/secrets: 46a3f57ca394cccffc419e0c17f5d5f366374b0651c02c507636c53c0b5f33e6 labels: app.kubernetes.io/controller: main app.kubernetes.io/instance: immich @@ -30,7 +28,7 @@ spec: spec: enableServiceLinks: false serviceAccountName: immich - automountServiceAccountToken: false + automountServiceAccountToken: true hostIPC: false hostNetwork: false hostPID: false diff --git a/clusters/cl01tl/manifests/immich/Secret-immich-immich-sa-token.yaml b/clusters/cl01tl/manifests/immich/Secret-immich-immich-sa-token.yaml deleted file mode 100644 index 3335b377c..000000000 --- a/clusters/cl01tl/manifests/immich/Secret-immich-immich-sa-token.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -kind: Secret -type: kubernetes.io/service-account-token -metadata: - name: immich-immich-sa-token - labels: - app.kubernetes.io/instance: immich - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: immich - helm.sh/chart: immich-5.0.0 - annotations: - kubernetes.io/service-account.name: immich - namespace: immich diff --git a/clusters/cl01tl/manifests/immich/ServiceAccount-immich.yaml b/clusters/cl01tl/manifests/immich/ServiceAccount-immich.yaml index c3f5be803..fa939882d 100644 --- a/clusters/cl01tl/manifests/immich/ServiceAccount-immich.yaml +++ b/clusters/cl01tl/manifests/immich/ServiceAccount-immich.yaml @@ -8,5 +8,3 @@ metadata: app.kubernetes.io/name: immich helm.sh/chart: immich-5.0.0 namespace: immich -secrets: - - name: immich-immich-sa-token diff --git a/clusters/cl01tl/manifests/isponsorblocktv/Deployment-isponsorblocktv.yaml b/clusters/cl01tl/manifests/isponsorblocktv/Deployment-isponsorblocktv.yaml index 1848b5ae7..98159d4ee 100644 --- a/clusters/cl01tl/manifests/isponsorblocktv/Deployment-isponsorblocktv.yaml +++ b/clusters/cl01tl/manifests/isponsorblocktv/Deployment-isponsorblocktv.yaml @@ -21,8 +21,6 @@ spec: app.kubernetes.io/instance: isponsorblocktv template: metadata: - annotations: - checksum/secrets: 52c2d3d6ede4f29240a1e0b99194b49369a163b0b24f28d9c14e0d8aa584d6a8 labels: app.kubernetes.io/controller: main app.kubernetes.io/instance: isponsorblocktv @@ -30,7 +28,7 @@ spec: spec: enableServiceLinks: false serviceAccountName: isponsorblocktv - automountServiceAccountToken: false + automountServiceAccountToken: true hostIPC: false hostNetwork: false hostPID: false diff --git a/clusters/cl01tl/manifests/isponsorblocktv/Secret-isponsorblocktv-isponsorblocktv-sa-token.yaml b/clusters/cl01tl/manifests/isponsorblocktv/Secret-isponsorblocktv-isponsorblocktv-sa-token.yaml deleted file mode 100644 index 7ffd2584e..000000000 --- a/clusters/cl01tl/manifests/isponsorblocktv/Secret-isponsorblocktv-isponsorblocktv-sa-token.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -kind: Secret -type: kubernetes.io/service-account-token -metadata: - name: isponsorblocktv-isponsorblocktv-sa-token - labels: - app.kubernetes.io/instance: isponsorblocktv - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: isponsorblocktv - helm.sh/chart: isponsorblocktv-5.0.0 - annotations: - kubernetes.io/service-account.name: isponsorblocktv - namespace: isponsorblocktv diff --git a/clusters/cl01tl/manifests/isponsorblocktv/ServiceAccount-isponsorblocktv.yaml b/clusters/cl01tl/manifests/isponsorblocktv/ServiceAccount-isponsorblocktv.yaml index 138dc7ab3..f8f260580 100644 --- a/clusters/cl01tl/manifests/isponsorblocktv/ServiceAccount-isponsorblocktv.yaml +++ b/clusters/cl01tl/manifests/isponsorblocktv/ServiceAccount-isponsorblocktv.yaml @@ -8,5 +8,3 @@ metadata: app.kubernetes.io/name: isponsorblocktv helm.sh/chart: isponsorblocktv-5.0.0 namespace: isponsorblocktv -secrets: - - name: isponsorblocktv-isponsorblocktv-sa-token diff --git a/clusters/cl01tl/manifests/kube-prometheus-stack/Deployment-ntfy-alertmanager.yaml b/clusters/cl01tl/manifests/kube-prometheus-stack/Deployment-ntfy-alertmanager.yaml index 997169fe8..63d6a67aa 100644 --- a/clusters/cl01tl/manifests/kube-prometheus-stack/Deployment-ntfy-alertmanager.yaml +++ b/clusters/cl01tl/manifests/kube-prometheus-stack/Deployment-ntfy-alertmanager.yaml @@ -21,16 +21,14 @@ spec: app.kubernetes.io/instance: kube-prometheus-stack template: metadata: - annotations: - checksum/secrets: 3c0d4bd47e7d4f71ba55611ddc7b74c5f3ec1cedcc474b15ac0a00daab9b791a labels: app.kubernetes.io/controller: main app.kubernetes.io/instance: kube-prometheus-stack app.kubernetes.io/name: kube-prometheus-stack spec: enableServiceLinks: false - serviceAccountName: ntfy-alertmanager - automountServiceAccountToken: false + serviceAccountName: kube-prometheus-stack + automountServiceAccountToken: true hostIPC: false hostNetwork: false hostPID: false diff --git a/clusters/cl01tl/manifests/kube-prometheus-stack/Secret-ntfy-alertmanager-ntfy-alertmanager-sa-token.yaml b/clusters/cl01tl/manifests/kube-prometheus-stack/Secret-ntfy-alertmanager-ntfy-alertmanager-sa-token.yaml deleted file mode 100644 index 6c30127ec..000000000 --- a/clusters/cl01tl/manifests/kube-prometheus-stack/Secret-ntfy-alertmanager-ntfy-alertmanager-sa-token.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -kind: Secret -type: kubernetes.io/service-account-token -metadata: - name: ntfy-alertmanager-ntfy-alertmanager-sa-token - labels: - app.kubernetes.io/instance: kube-prometheus-stack - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kube-prometheus-stack - helm.sh/chart: ntfy-alertmanager-5.0.0 - annotations: - kubernetes.io/service-account.name: ntfy-alertmanager - namespace: kube-prometheus-stack diff --git a/clusters/cl01tl/manifests/kube-prometheus-stack/ServiceAccount-ntfy-alertmanager.yaml b/clusters/cl01tl/manifests/kube-prometheus-stack/ServiceAccount-ntfy-alertmanager.yaml index fbe58393a..d26db7baa 100644 --- a/clusters/cl01tl/manifests/kube-prometheus-stack/ServiceAccount-ntfy-alertmanager.yaml +++ b/clusters/cl01tl/manifests/kube-prometheus-stack/ServiceAccount-ntfy-alertmanager.yaml @@ -8,5 +8,3 @@ metadata: app.kubernetes.io/name: kube-prometheus-stack helm.sh/chart: ntfy-alertmanager-5.0.0 namespace: kube-prometheus-stack -secrets: - - name: ntfy-alertmanager-ntfy-alertmanager-sa-token diff --git a/clusters/cl01tl/manifests/kubelet-serving-cert-approver/Deployment-kubelet-serving-cert-approver.yaml b/clusters/cl01tl/manifests/kubelet-serving-cert-approver/Deployment-kubelet-serving-cert-approver.yaml index d1dfbae1d..b3910ac86 100644 --- a/clusters/cl01tl/manifests/kubelet-serving-cert-approver/Deployment-kubelet-serving-cert-approver.yaml +++ b/clusters/cl01tl/manifests/kubelet-serving-cert-approver/Deployment-kubelet-serving-cert-approver.yaml @@ -21,8 +21,6 @@ spec: app.kubernetes.io/instance: kubelet-serving-cert-approver template: metadata: - annotations: - checksum/secrets: 591a33eca0bc5c4a8475d0538f3f4840841582c86a3ac2c97147b2b00e5774c5 labels: app.kubernetes.io/controller: main app.kubernetes.io/instance: kubelet-serving-cert-approver diff --git a/clusters/cl01tl/manifests/kubelet-serving-cert-approver/Secret-kubelet-serving-cert-approver-kubelet-serving-cert-approver-sa-token.yaml b/clusters/cl01tl/manifests/kubelet-serving-cert-approver/Secret-kubelet-serving-cert-approver-kubelet-serving-cert-approver-sa-token.yaml deleted file mode 100644 index 66f5faabb..000000000 --- a/clusters/cl01tl/manifests/kubelet-serving-cert-approver/Secret-kubelet-serving-cert-approver-kubelet-serving-cert-approver-sa-token.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -kind: Secret -type: kubernetes.io/service-account-token -metadata: - name: kubelet-serving-cert-approver-kubelet-serving-cert-approver-sa-token - labels: - app.kubernetes.io/instance: kubelet-serving-cert-approver - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: kubelet-serving-cert-approver - helm.sh/chart: kubelet-serving-cert-approver-5.0.0 - annotations: - kubernetes.io/service-account.name: kubelet-serving-cert-approver - namespace: kubelet-serving-cert-approver diff --git a/clusters/cl01tl/manifests/kubelet-serving-cert-approver/ServiceAccount-kubelet-serving-cert-approver.yaml b/clusters/cl01tl/manifests/kubelet-serving-cert-approver/ServiceAccount-kubelet-serving-cert-approver.yaml index 9b6fe6875..0c3a80d68 100644 --- a/clusters/cl01tl/manifests/kubelet-serving-cert-approver/ServiceAccount-kubelet-serving-cert-approver.yaml +++ b/clusters/cl01tl/manifests/kubelet-serving-cert-approver/ServiceAccount-kubelet-serving-cert-approver.yaml @@ -8,5 +8,3 @@ metadata: app.kubernetes.io/name: kubelet-serving-cert-approver helm.sh/chart: kubelet-serving-cert-approver-5.0.0 namespace: kubelet-serving-cert-approver -secrets: - - name: kubelet-serving-cert-approver-kubelet-serving-cert-approver-sa-token diff --git a/clusters/cl01tl/manifests/matrix-synapse/Deployment-matrix-hookshot.yaml b/clusters/cl01tl/manifests/matrix-synapse/Deployment-matrix-hookshot.yaml index c889f0397..adf2fddf7 100644 --- a/clusters/cl01tl/manifests/matrix-synapse/Deployment-matrix-hookshot.yaml +++ b/clusters/cl01tl/manifests/matrix-synapse/Deployment-matrix-hookshot.yaml @@ -27,7 +27,7 @@ spec: app.kubernetes.io/name: matrix-hookshot spec: enableServiceLinks: false - serviceAccountName: matrix-synapse + serviceAccountName: default automountServiceAccountToken: false hostIPC: false hostNetwork: false diff --git a/clusters/cl01tl/manifests/qbittorrent/Deployment-qbittorrent-main.yaml b/clusters/cl01tl/manifests/qbittorrent/Deployment-qbittorrent-main.yaml index b051a5648..1e5e0ed60 100644 --- a/clusters/cl01tl/manifests/qbittorrent/Deployment-qbittorrent-main.yaml +++ b/clusters/cl01tl/manifests/qbittorrent/Deployment-qbittorrent-main.yaml @@ -21,8 +21,6 @@ spec: app.kubernetes.io/instance: qbittorrent template: metadata: - annotations: - checksum/secrets: 545cc0ac43a8c257917ff35f6fed45976eaefcbaed5d63bbd60d3b932dc71794 labels: app.kubernetes.io/controller: main app.kubernetes.io/instance: qbittorrent diff --git a/clusters/cl01tl/manifests/qbittorrent/Deployment-qbittorrent-qbit-manage.yaml b/clusters/cl01tl/manifests/qbittorrent/Deployment-qbittorrent-qbit-manage.yaml index 528dfea5b..cd4312da6 100644 --- a/clusters/cl01tl/manifests/qbittorrent/Deployment-qbittorrent-qbit-manage.yaml +++ b/clusters/cl01tl/manifests/qbittorrent/Deployment-qbittorrent-qbit-manage.yaml @@ -23,8 +23,6 @@ spec: app.kubernetes.io/instance: qbittorrent template: metadata: - annotations: - checksum/secrets: 545cc0ac43a8c257917ff35f6fed45976eaefcbaed5d63bbd60d3b932dc71794 labels: app.kubernetes.io/controller: qbit-manage app.kubernetes.io/instance: qbittorrent @@ -32,7 +30,7 @@ spec: spec: enableServiceLinks: false serviceAccountName: qbittorrent - automountServiceAccountToken: false + automountServiceAccountToken: true hostIPC: false hostNetwork: false hostPID: false diff --git a/clusters/cl01tl/manifests/qbittorrent/Deployment-qbittorrent-qui.yaml b/clusters/cl01tl/manifests/qbittorrent/Deployment-qbittorrent-qui.yaml index c906c087a..c6c4cd7bb 100644 --- a/clusters/cl01tl/manifests/qbittorrent/Deployment-qbittorrent-qui.yaml +++ b/clusters/cl01tl/manifests/qbittorrent/Deployment-qbittorrent-qui.yaml @@ -21,8 +21,6 @@ spec: app.kubernetes.io/instance: qbittorrent template: metadata: - annotations: - checksum/secrets: 545cc0ac43a8c257917ff35f6fed45976eaefcbaed5d63bbd60d3b932dc71794 labels: app.kubernetes.io/controller: qui app.kubernetes.io/instance: qbittorrent diff --git a/clusters/cl01tl/manifests/qbittorrent/Secret-qbittorrent-qbittorrent-sa-token.yaml b/clusters/cl01tl/manifests/qbittorrent/Secret-qbittorrent-qbittorrent-sa-token.yaml deleted file mode 100644 index 648247b7f..000000000 --- a/clusters/cl01tl/manifests/qbittorrent/Secret-qbittorrent-qbittorrent-sa-token.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -kind: Secret -type: kubernetes.io/service-account-token -metadata: - name: qbittorrent-qbittorrent-sa-token - labels: - app.kubernetes.io/instance: qbittorrent - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: qbittorrent - helm.sh/chart: qbittorrent-5.0.0 - annotations: - kubernetes.io/service-account.name: qbittorrent - namespace: qbittorrent diff --git a/clusters/cl01tl/manifests/qbittorrent/ServiceAccount-qbittorrent.yaml b/clusters/cl01tl/manifests/qbittorrent/ServiceAccount-qbittorrent.yaml index 81324dd5b..617f32174 100644 --- a/clusters/cl01tl/manifests/qbittorrent/ServiceAccount-qbittorrent.yaml +++ b/clusters/cl01tl/manifests/qbittorrent/ServiceAccount-qbittorrent.yaml @@ -8,5 +8,3 @@ metadata: app.kubernetes.io/name: qbittorrent helm.sh/chart: qbittorrent-5.0.0 namespace: qbittorrent -secrets: - - name: qbittorrent-qbittorrent-sa-token diff --git a/clusters/cl01tl/manifests/searxng/Deployment-searxng-api.yaml b/clusters/cl01tl/manifests/searxng/Deployment-searxng-api.yaml index 49e5e7e48..6b7698683 100644 --- a/clusters/cl01tl/manifests/searxng/Deployment-searxng-api.yaml +++ b/clusters/cl01tl/manifests/searxng/Deployment-searxng-api.yaml @@ -21,6 +21,8 @@ spec: app.kubernetes.io/instance: searxng template: metadata: + annotations: + checksum/secrets: bde85bf0e789068912500ddf7c5550674cdb1be7ed7ca049a3028a5c3e5a64e4 labels: app.kubernetes.io/controller: api app.kubernetes.io/instance: searxng @@ -28,7 +30,7 @@ spec: spec: enableServiceLinks: false serviceAccountName: searxng - automountServiceAccountToken: false + automountServiceAccountToken: true hostIPC: false hostNetwork: false hostPID: false diff --git a/clusters/cl01tl/manifests/searxng/Deployment-searxng-browser.yaml b/clusters/cl01tl/manifests/searxng/Deployment-searxng-browser.yaml index c145b73cf..82545ca14 100644 --- a/clusters/cl01tl/manifests/searxng/Deployment-searxng-browser.yaml +++ b/clusters/cl01tl/manifests/searxng/Deployment-searxng-browser.yaml @@ -21,6 +21,8 @@ spec: app.kubernetes.io/instance: searxng template: metadata: + annotations: + checksum/secrets: bde85bf0e789068912500ddf7c5550674cdb1be7ed7ca049a3028a5c3e5a64e4 labels: app.kubernetes.io/controller: browser app.kubernetes.io/instance: searxng diff --git a/clusters/cl01tl/manifests/searxng/Secret-searxng-searxng-sa-token.yaml b/clusters/cl01tl/manifests/searxng/Secret-searxng-searxng-sa-token.yaml new file mode 100644 index 000000000..84676f873 --- /dev/null +++ b/clusters/cl01tl/manifests/searxng/Secret-searxng-searxng-sa-token.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Secret +type: kubernetes.io/service-account-token +metadata: + name: searxng-searxng-sa-token + labels: + app.kubernetes.io/instance: searxng + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: searxng + helm.sh/chart: searxng-5.0.0 + annotations: + kubernetes.io/service-account.name: searxng + namespace: searxng diff --git a/clusters/cl01tl/manifests/searxng/ServiceAccount-searxng.yaml b/clusters/cl01tl/manifests/searxng/ServiceAccount-searxng.yaml index 4a11b27c9..7baab0374 100644 --- a/clusters/cl01tl/manifests/searxng/ServiceAccount-searxng.yaml +++ b/clusters/cl01tl/manifests/searxng/ServiceAccount-searxng.yaml @@ -8,3 +8,5 @@ metadata: app.kubernetes.io/name: searxng helm.sh/chart: searxng-5.0.0 namespace: searxng +secrets: + - name: searxng-searxng-sa-token diff --git a/clusters/cl01tl/manifests/slskd/Deployment-slskd.yaml b/clusters/cl01tl/manifests/slskd/Deployment-slskd.yaml index 0d9764861..a9367890e 100644 --- a/clusters/cl01tl/manifests/slskd/Deployment-slskd.yaml +++ b/clusters/cl01tl/manifests/slskd/Deployment-slskd.yaml @@ -28,7 +28,7 @@ spec: spec: enableServiceLinks: false serviceAccountName: slskd - automountServiceAccountToken: false + automountServiceAccountToken: true securityContext: fsGroup: 1000 fsGroupChangePolicy: OnRootMismatch diff --git a/clusters/cl01tl/manifests/talos/CronJob-etcd-defrag-defrag-1.yaml b/clusters/cl01tl/manifests/talos/CronJob-etcd-defrag-defrag-1.yaml index 8a4f2e646..75360fcd3 100644 --- a/clusters/cl01tl/manifests/talos/CronJob-etcd-defrag-defrag-1.yaml +++ b/clusters/cl01tl/manifests/talos/CronJob-etcd-defrag-defrag-1.yaml @@ -29,8 +29,8 @@ spec: app.kubernetes.io/name: talos spec: enableServiceLinks: false - serviceAccountName: talos-defrag - automountServiceAccountToken: false + serviceAccountName: talos + automountServiceAccountToken: true hostIPC: false hostNetwork: false hostPID: false diff --git a/clusters/cl01tl/manifests/talos/CronJob-etcd-defrag-defrag-2.yaml b/clusters/cl01tl/manifests/talos/CronJob-etcd-defrag-defrag-2.yaml index e7069d549..99fc7bafe 100644 --- a/clusters/cl01tl/manifests/talos/CronJob-etcd-defrag-defrag-2.yaml +++ b/clusters/cl01tl/manifests/talos/CronJob-etcd-defrag-defrag-2.yaml @@ -29,8 +29,8 @@ spec: app.kubernetes.io/name: talos spec: enableServiceLinks: false - serviceAccountName: talos-defrag - automountServiceAccountToken: false + serviceAccountName: talos + automountServiceAccountToken: true hostIPC: false hostNetwork: false hostPID: false diff --git a/clusters/cl01tl/manifests/talos/CronJob-etcd-defrag-defrag-3.yaml b/clusters/cl01tl/manifests/talos/CronJob-etcd-defrag-defrag-3.yaml index 17a0552f4..8a2a9d984 100644 --- a/clusters/cl01tl/manifests/talos/CronJob-etcd-defrag-defrag-3.yaml +++ b/clusters/cl01tl/manifests/talos/CronJob-etcd-defrag-defrag-3.yaml @@ -29,8 +29,8 @@ spec: app.kubernetes.io/name: talos spec: enableServiceLinks: false - serviceAccountName: talos-defrag - automountServiceAccountToken: false + serviceAccountName: talos + automountServiceAccountToken: true hostIPC: false hostNetwork: false hostPID: false diff --git a/clusters/cl01tl/manifests/talos/CronJob-talos-external.yaml b/clusters/cl01tl/manifests/talos/CronJob-talos-external.yaml index 6ea3acd23..676414010 100644 --- a/clusters/cl01tl/manifests/talos/CronJob-talos-external.yaml +++ b/clusters/cl01tl/manifests/talos/CronJob-talos-external.yaml @@ -29,8 +29,8 @@ spec: app.kubernetes.io/name: talos spec: enableServiceLinks: false - serviceAccountName: talos-backup - automountServiceAccountToken: false + serviceAccountName: talos + automountServiceAccountToken: true hostIPC: false hostNetwork: false hostPID: false diff --git a/clusters/cl01tl/manifests/talos/CronJob-talos-local.yaml b/clusters/cl01tl/manifests/talos/CronJob-talos-local.yaml index 5df45bce0..8deda8042 100644 --- a/clusters/cl01tl/manifests/talos/CronJob-talos-local.yaml +++ b/clusters/cl01tl/manifests/talos/CronJob-talos-local.yaml @@ -29,8 +29,8 @@ spec: app.kubernetes.io/name: talos spec: enableServiceLinks: false - serviceAccountName: talos-backup - automountServiceAccountToken: false + serviceAccountName: talos + automountServiceAccountToken: true hostIPC: false hostNetwork: false hostPID: false diff --git a/clusters/cl01tl/manifests/talos/CronJob-talos-remote.yaml b/clusters/cl01tl/manifests/talos/CronJob-talos-remote.yaml index c5bb8add0..1332a238d 100644 --- a/clusters/cl01tl/manifests/talos/CronJob-talos-remote.yaml +++ b/clusters/cl01tl/manifests/talos/CronJob-talos-remote.yaml @@ -29,8 +29,8 @@ spec: app.kubernetes.io/name: talos spec: enableServiceLinks: false - serviceAccountName: talos-backup - automountServiceAccountToken: false + serviceAccountName: talos + automountServiceAccountToken: true hostIPC: false hostNetwork: false hostPID: false diff --git a/clusters/cl01tl/manifests/vault/CronJob-vault-snapshot.yaml b/clusters/cl01tl/manifests/vault/CronJob-vault-snapshot.yaml index f9a49fbc2..b1559a7b3 100644 --- a/clusters/cl01tl/manifests/vault/CronJob-vault-snapshot.yaml +++ b/clusters/cl01tl/manifests/vault/CronJob-vault-snapshot.yaml @@ -30,7 +30,7 @@ spec: spec: enableServiceLinks: false serviceAccountName: vault - automountServiceAccountToken: false + automountServiceAccountToken: true hostIPC: false hostNetwork: false hostPID: false