From 2596d675893b6e6b6b3ec35e0e559e0f69d4cc67 Mon Sep 17 00:00:00 2001
From: ROULOIS Ewen OBS/FZ <ewen.roulois@orange.com>
Date: Mon, 14 Apr 2025 16:36:13 +0200
Subject: [PATCH] feat add managmement of automount service account token

---
 helm/ingress-azure/templates/deployment.yaml | 1 +
 helm/ingress-azure/values.yaml               | 4 +++-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/helm/ingress-azure/templates/deployment.yaml b/helm/ingress-azure/templates/deployment.yaml
index 13a836d91..bd5b99a9f 100644
--- a/helm/ingress-azure/templates/deployment.yaml
+++ b/helm/ingress-azure/templates/deployment.yaml
@@ -44,6 +44,7 @@ spec:
       securityContext:
         runAsUser: 0
       {{- end }}
+      automountServiceAccountToken: {{ .Values.automountServiceAccountToken | default true }} 
       containers:
       - name: {{ .Chart.Name }}
         image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
diff --git a/helm/ingress-azure/values.yaml b/helm/ingress-azure/values.yaml
index fcee7b240..52d377c74 100644
--- a/helm/ingress-azure/values.yaml
+++ b/helm/ingress-azure/values.yaml
@@ -14,9 +14,11 @@ image:
   tag: 1.6.0
   pullPolicy: Always
 
+# AGIC will use the service account of the pod to authenticate with the Kubernetes API server.
+# When set to false, you will need to handle the volume mounts and permissions for the service account.
+automountServiceAccountToken: true
 
 kubernetes:
-
   # Namespace(s) AGIC watches; Leaving this blank watches all namespaces;
   # Accepts one or many comma-separated values
   watchNamespace: