From 04c24972ad033be5aba96d38f336e0cfd5766c2f Mon Sep 17 00:00:00 2001
From: "lan.tian" <lance5890@163.com>
Date: Wed, 20 Aug 2025 08:45:41 +0800
Subject: [PATCH] fix: use BoundServceAccountTokenVolume de default

---
 .../installer/manifests/installer-pod.yaml    | 22 -------------------
 .../prune/manifests/pruner-pod.yaml           | 22 -------------------
 2 files changed, 44 deletions(-)

diff --git a/pkg/operator/staticpod/controller/installer/manifests/installer-pod.yaml b/pkg/operator/staticpod/controller/installer/manifests/installer-pod.yaml
index 5f435389e3..b447305312 100644
--- a/pkg/operator/staticpod/controller/installer/manifests/installer-pod.yaml
+++ b/pkg/operator/staticpod/controller/installer/manifests/installer-pod.yaml
@@ -6,7 +6,6 @@ metadata:
   labels:
     app: installer
 spec:
-  automountServiceAccountToken: false
   serviceAccountName: installer-sa
   nodeName: # Value set by operator
   containers:
@@ -31,9 +30,6 @@ spec:
       volumeMounts:
         - mountPath: /etc/kubernetes/
           name: kubelet-dir
-        - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
-          name: kube-api-access
-          readOnly: true
         - mountPath: /var/lock
           name: var-lock
       resources:
@@ -56,21 +52,3 @@ spec:
     - hostPath:
         path: /var/lock
       name: var-lock
-    - name: kube-api-access
-      projected:
-        defaultMode: 420
-        sources:
-        - serviceAccountToken:
-            expirationSeconds: 3600
-            path: token
-        - configMap:
-            items:
-            - key: ca.crt
-              path: ca.crt
-            name: kube-root-ca.crt
-        - downwardAPI:
-            items:
-            - fieldRef:
-                apiVersion: v1
-                fieldPath: metadata.namespace
-              path: namespace
diff --git a/pkg/operator/staticpod/controller/prune/manifests/pruner-pod.yaml b/pkg/operator/staticpod/controller/prune/manifests/pruner-pod.yaml
index 8c45926348..f778afb965 100644
--- a/pkg/operator/staticpod/controller/prune/manifests/pruner-pod.yaml
+++ b/pkg/operator/staticpod/controller/prune/manifests/pruner-pod.yaml
@@ -6,7 +6,6 @@ metadata:
   labels:
     app: pruner
 spec:
-  automountServiceAccountToken: false
   serviceAccountName: installer-sa
   nodeName: # Value set by operator
   containers:
@@ -29,9 +28,6 @@ spec:
     volumeMounts:
     - mountPath: /etc/kubernetes/
       name: kubelet-dir
-    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
-      name: kube-api-access
-      readOnly: true
   restartPolicy: Never
   priorityClassName: system-node-critical
   tolerations:
@@ -42,21 +38,3 @@ spec:
   - hostPath:
       path: /etc/kubernetes/
     name: kubelet-dir
-  - name: kube-api-access
-    projected:
-      defaultMode: 420
-      sources:
-      - serviceAccountToken:
-          expirationSeconds: 3600
-          path: token
-      - configMap:
-          items:
-          - key: ca.crt
-            path: ca.crt
-          name: kube-root-ca.crt
-      - downwardAPI:
-          items:
-          - fieldRef:
-              apiVersion: v1
-              fieldPath: metadata.namespace
-            path: namespace