Allow configuring AutomountServiceAccountToken for DevicePlugin#1749
Merged
ybettan merged 1 commit intorh-ecosystem-edge:mainfrom Feb 16, 2026
Conversation
✅ Deploy Preview for openshift-kmm ready!
To edit notification comments on pull requests, go to your Netlify project configuration. |
Member
Author
|
/assign @ybettan |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: yevgeny-shnaidman The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
WalkthroughAdds an optional boolean Changes
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes Suggested labels
Suggested reviewers
🚥 Pre-merge checks | ✅ 4✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing touches
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 3
🤖 Fix all issues with AI agents
In `@api/v1beta1/module_types.go`:
- Around line 317-321: Update the comment above the AutomountServiceAccountToken
field to fix typos and tighten wording: replace the current paragraph with a
clear single-sentence description stating that AutomountServiceAccountToken
disables automatic mounting of the service account token projected volume into
the device plugin pod (this volume contains the SA token and CA bundle), and
that setting it to false prevents auto-mounting so the user can mount any
required ConfigMaps or tokens manually; ensure the field name
AutomountServiceAccountToken remains unchanged.
In `@config/crd-hub/bases/hub.kmm.sigs.x-k8s.io_managedclustermodules.yaml`:
- Around line 52-58: The description for automountServiceAccountToken contains
typos and awkward punctuation; update the automountServiceAccountToken
description text to fix "disale" → "disable", clean up "CAs' file etc'" to
something like "CA files, etc.", and replace "he deems" with a gender-neutral
phrase such as "they deem" or "the user deems"; ensure the corrected text
remains a clear YAML block string under the automountServiceAccountToken field.
In `@config/crd-hub/bases/kmm.sigs.x-k8s.io_modules.yaml`:
- Around line 48-54: Fix the doc comment on the AutomountServiceAccountToken Go
field in the source definition (likely api/v1beta1/module_types.go): correct
typos ("disale" → "disable", "etc'" → "etc.") and replace gendered phrasing ("he
deems") with neutral wording such as "they deem" or "the user deems"; save the
updated comment on the AutomountServiceAccountToken field and re-run
controller-gen to regenerate config/crd-hub/bases/kmm.sigs.x-k8s.io_modules.yaml
so the corrected description appears in kubectl explain and generated docs.
Comment on lines
+317
to
+321
| // AutomountServiceAccountToken is used to disable the auto-mounting of the projected volume | ||
| // into device plugin pod. This volume includes as files: SA token, CAs' file etc' | ||
| // setting AutomountServiceAccountToken to false, will disale auto-mounting, and will allow user to mount | ||
| // whatever configmaps and tokens he deems necessary for the device plugin application | ||
| AutomountServiceAccountToken *bool `json:"automountServiceAccountToken,omitempty"` |
There was a problem hiding this comment.
Fix typos and tighten wording in the CRD description.
This text is surfaced in CRD docs; it currently contains typos and awkward phrasing. Consider updating it here (source of truth) and regenerating CRDs.
✏️ Suggested wording
- // AutomountServiceAccountToken is used to disable the auto-mounting of the projected volume
- // into device plugin pod. This volume includes as files: SA token, CAs' file etc'
- // setting AutomountServiceAccountToken to false, will disale auto-mounting, and will allow user to mount
- // whatever configmaps and tokens he deems necessary for the device plugin application
+ // AutomountServiceAccountToken disables auto-mounting of the projected service account volume
+ // in the device plugin pod. This volume includes the SA token, CA bundle, etc.
+ // Setting it to false disables auto-mounting and lets users mount custom ConfigMaps or tokens
+ // required by the device plugin.📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| // AutomountServiceAccountToken is used to disable the auto-mounting of the projected volume | |
| // into device plugin pod. This volume includes as files: SA token, CAs' file etc' | |
| // setting AutomountServiceAccountToken to false, will disale auto-mounting, and will allow user to mount | |
| // whatever configmaps and tokens he deems necessary for the device plugin application | |
| AutomountServiceAccountToken *bool `json:"automountServiceAccountToken,omitempty"` | |
| // AutomountServiceAccountToken disables auto-mounting of the projected service account volume | |
| // in the device plugin pod. This volume includes the SA token, CA bundle, etc. | |
| // Setting it to false disables auto-mounting and lets users mount custom ConfigMaps or tokens | |
| // required by the device plugin. | |
| AutomountServiceAccountToken *bool `json:"automountServiceAccountToken,omitempty"` |
🤖 Prompt for AI Agents
In `@api/v1beta1/module_types.go` around lines 317 - 321, Update the comment above
the AutomountServiceAccountToken field to fix typos and tighten wording: replace
the current paragraph with a clear single-sentence description stating that
AutomountServiceAccountToken disables automatic mounting of the service account
token projected volume into the device plugin pod (this volume contains the SA
token and CA bundle), and that setting it to false prevents auto-mounting so the
user can mount any required ConfigMaps or tokens manually; ensure the field name
AutomountServiceAccountToken remains unchanged.
Comment on lines
+52
to
+58
| automountServiceAccountToken: | ||
| description: |- | ||
| AutomountServiceAccountToken is used to disable the auto-mounting of the projected volume | ||
| into device plugin pod. This volume includes as files: SA token, CAs' file etc' | ||
| setting AutomountServiceAccountToken to false, will disale auto-mounting, and will allow user to mount | ||
| whatever configmaps and tokens he deems necessary for the device plugin application | ||
| type: boolean |
There was a problem hiding this comment.
Typos in the field description.
Line 56: "disale" → "disable". Line 57: "he deems" → consider gender-neutral phrasing like "they deem" or "the user deems". Line 55: "CAs' file etc'" has awkward punctuation.
Proposed description fix
automountServiceAccountToken:
description: |-
- AutomountServiceAccountToken is used to disable the auto-mounting of the projected volume
- into device plugin pod. This volume includes as files: SA token, CAs' file etc'
- setting AutomountServiceAccountToken to false, will disale auto-mounting, and will allow user to mount
- whatever configmaps and tokens he deems necessary for the device plugin application
+ AutomountServiceAccountToken is used to control the auto-mounting of the projected volume
+ into the device plugin pod. This volume includes as files: SA token, CA certificates, etc.
+ Setting AutomountServiceAccountToken to false will disable auto-mounting, and will allow the user to mount
+ whatever ConfigMaps and tokens they deem necessary for the device plugin application.
type: boolean📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| automountServiceAccountToken: | |
| description: |- | |
| AutomountServiceAccountToken is used to disable the auto-mounting of the projected volume | |
| into device plugin pod. This volume includes as files: SA token, CAs' file etc' | |
| setting AutomountServiceAccountToken to false, will disale auto-mounting, and will allow user to mount | |
| whatever configmaps and tokens he deems necessary for the device plugin application | |
| type: boolean | |
| automountServiceAccountToken: | |
| description: |- | |
| AutomountServiceAccountToken is used to control the auto-mounting of the projected volume | |
| into the device plugin pod. This volume includes as files: SA token, CA certificates, etc. | |
| Setting AutomountServiceAccountToken to false will disable auto-mounting, and will allow the user to mount | |
| whatever ConfigMaps and tokens they deem necessary for the device plugin application. | |
| type: boolean |
🤖 Prompt for AI Agents
In `@config/crd-hub/bases/hub.kmm.sigs.x-k8s.io_managedclustermodules.yaml` around
lines 52 - 58, The description for automountServiceAccountToken contains typos
and awkward punctuation; update the automountServiceAccountToken description
text to fix "disale" → "disable", clean up "CAs' file etc'" to something like
"CA files, etc.", and replace "he deems" with a gender-neutral phrase such as
"they deem" or "the user deems"; ensure the corrected text remains a clear YAML
block string under the automountServiceAccountToken field.
Comment on lines
+48
to
+54
| automountServiceAccountToken: | ||
| description: |- | ||
| AutomountServiceAccountToken is used to disable the auto-mounting of the projected volume | ||
| into device plugin pod. This volume includes as files: SA token, CAs' file etc' | ||
| setting AutomountServiceAccountToken to false, will disale auto-mounting, and will allow user to mount | ||
| whatever configmaps and tokens he deems necessary for the device plugin application | ||
| type: boolean |
There was a problem hiding this comment.
Typos and language issues in the field description.
The description contains several issues that will surface in kubectl explain output and generated API docs:
- Line 52:
disale→disable - Line 52:
etc'→etc.(stray apostrophe) - Line 53:
he deems→they deemorthe user deems(use gender-neutral language)
Since this file is generated by controller-gen, the fix should be applied in the source Go doc comment (likely in api/v1beta1/module_types.go on the AutomountServiceAccountToken field).
#!/bin/bash
# Verify the source of the typos in the Go type definition
rg -n 'AutomountServiceAccountToken' --type=go -C 5🤖 Prompt for AI Agents
In `@config/crd-hub/bases/kmm.sigs.x-k8s.io_modules.yaml` around lines 48 - 54,
Fix the doc comment on the AutomountServiceAccountToken Go field in the source
definition (likely api/v1beta1/module_types.go): correct typos ("disale" →
"disable", "etc'" → "etc.") and replace gendered phrasing ("he deems") with
neutral wording such as "they deem" or "the user deems"; save the updated
comment on the AutomountServiceAccountToken field and re-run controller-gen to
regenerate config/crd-hub/bases/kmm.sigs.x-k8s.io_modules.yaml so the corrected
description appears in kubectl explain and generated docs.
AutomountServiceAccountToken is used to disable the auto-mounting of the projected volume into device plugin pod. This volume includes as files: SA token, CAs' file etc'. K8s automatically mounts the SA token, root CAs into the /var/run/secrets/kubernetes.io/serviceaccount using projected volumes.As a result, mounting/overriding additional files into that directory is not allowed. setting AutomountServiceAccountToken to false, will disale auto-mounting, and will allow user to mount whatever configmaps and tokens he deems necessary for the device plugin application.
yevgeny-shnaidman
force-pushed
the
yevgeny/cherry-pick-8a7bc88b4a02cd05c498d4de67d2afdd2530a300
branch
from
2596e57 to
145afad
Compare
Member
|
/lgtm |
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Fix all issues with AI agents
In `@bundle-hub/manifests/hub.kmm.sigs.x-k8s.io_managedclustermodules.yaml`:
- Around line 56-62: Update the AutomountServiceAccountToken field description
in the Module type source (module_types.go) to correct typos and use inclusive
language: change "disale" to "disable" and "he deems" to "they deem" in the
description string for automountServiceAccountToken, then regenerate the
CRD/manifest YAMLs so the corrected text propagates to the generated files
(references: AutomountServiceAccountToken field in Module type definition).
In `@bundle/manifests/kmm.sigs.x-k8s.io_modules.yaml`:
- Around line 52-58: Update the Go doc string for the
AutomountServiceAccountToken field in the module API type (the struct containing
AutomountServiceAccountToken in api/v1beta1 module types) to fix typos: change
"etc'" to "etc.", "disale" to "disable", and "he deems" to "they deem" (or "the
user deems"); then run controller-gen to regenerate the CRD/YAML manifests so
the corrected description propagates to
bundle/manifests/kmm.sigs.x-k8s.io_modules.yaml.
Comment on lines
+56
to
+62
| automountServiceAccountToken: | ||
| description: |- | ||
| AutomountServiceAccountToken is used to disable the auto-mounting of the projected volume | ||
| into device plugin pod. This volume includes as files: SA token, CAs' file etc' | ||
| setting AutomountServiceAccountToken to false, will disale auto-mounting, and will allow user to mount | ||
| whatever configmaps and tokens he deems necessary for the device plugin application | ||
| type: boolean |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Search for the typo "disale" in the codebase
rg -n 'disale' --type yaml --type goRepository: rh-ecosystem-edge/kernel-module-management
Length of output: 1160
🏁 Script executed:
#!/bin/bash
# Read the specific file and show lines 56-62
cat -n bundle-hub/manifests/hub.kmm.sigs.x-k8s.io_managedclustermodules.yaml | sed -n '50,65p'Repository: rh-ecosystem-edge/kernel-module-management
Length of output: 1231
Fix typo and non-inclusive language in field description.
This issue exists in the Go source definition (api/v1beta1/module_types.go:319) and is propagated to multiple generated YAML manifests. Fix it at the source:
- Line 60:
"disale"→"disable" - Line 61:
"he deems"→"they deem"
Affected files
api/v1beta1/module_types.go:319(source)config/crd/bases/kmm.sigs.x-k8s.io_modules.yaml:52config/crd-hub/bases/kmm.sigs.x-k8s.io_modules.yaml:52config/crd-hub/bases/hub.kmm.sigs.x-k8s.io_managedclustermodules.yaml:56bundle/manifests/kmm.sigs.x-k8s.io_modules.yaml:56bundle-hub/manifests/hub.kmm.sigs.x-k8s.io_managedclustermodules.yaml:60(under review)
🤖 Prompt for AI Agents
In `@bundle-hub/manifests/hub.kmm.sigs.x-k8s.io_managedclustermodules.yaml` around
lines 56 - 62, Update the AutomountServiceAccountToken field description in the
Module type source (module_types.go) to correct typos and use inclusive
language: change "disale" to "disable" and "he deems" to "they deem" in the
description string for automountServiceAccountToken, then regenerate the
CRD/manifest YAMLs so the corrected text propagates to the generated files
(references: AutomountServiceAccountToken field in Module type definition).
Comment on lines
+52
to
+58
| automountServiceAccountToken: | ||
| description: |- | ||
| AutomountServiceAccountToken is used to disable the auto-mounting of the projected volume | ||
| into device plugin pod. This volume includes as files: SA token, CAs' file etc' | ||
| setting AutomountServiceAccountToken to false, will disale auto-mounting, and will allow user to mount | ||
| whatever configmaps and tokens he deems necessary for the device plugin application | ||
| type: boolean |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
fd -t f 'module_types.go' --exec cat -n {} \; | head -200Repository: rh-ecosystem-edge/kernel-module-management
Length of output: 8683
🏁 Script executed:
rg -n 'AutomountServiceAccountToken' --type go -A 5 -B 2Repository: rh-ecosystem-edge/kernel-module-management
Length of output: 23731
🏁 Script executed:
head -30 bundle/manifests/kmm.sigs.x-k8s.io_modules.yamlRepository: rh-ecosystem-edge/kernel-module-management
Length of output: 997
🏁 Script executed:
head -30 api/v1beta1/module_types.go | grep -E "(kubebuilder|controller-gen)"Repository: rh-ecosystem-edge/kernel-module-management
Length of output: 68
🏁 Script executed:
grep -n "kubebuilder\|controller-gen" api/v1beta1/module_types.go | head -5Repository: rh-ecosystem-edge/kernel-module-management
Length of output: 284
Fix typos in the source Go doc comment for AutomountServiceAccountToken field.
The YAML manifest is auto-generated by controller-gen. Update the description in api/v1beta1/module_types.go (lines 317–320):
- Line 319:
"disale"→"disable" - Line 318:
"etc'"→"etc." - Line 320:
"he deems"→"they deem"(or"the user deems")
Then regenerate the CRD manifests.
🤖 Prompt for AI Agents
In `@bundle/manifests/kmm.sigs.x-k8s.io_modules.yaml` around lines 52 - 58, Update
the Go doc string for the AutomountServiceAccountToken field in the module API
type (the struct containing AutomountServiceAccountToken in api/v1beta1 module
types) to fix typos: change "etc'" to "etc.", "disale" to "disable", and "he
deems" to "they deem" (or "the user deems"); then run controller-gen to
regenerate the CRD/YAML manifests so the corrected description propagates to
bundle/manifests/kmm.sigs.x-k8s.io_modules.yaml.
Member
|
/retest |
Member
Author
|
/test e2e |
Member
Author
|
/test lint |
Member
|
/retest |
Member
Author
|
/test e2e |
Member
Author
|
/retest |
Member
Author
|
/test e2e |
Member
Author
|
/retest |
Member
Author
|
/test e2e |
1 similar comment
Member
Author
|
/test e2e |
Member
|
Fixes #1747 |
Member
|
/retest |
1 similar comment
Member
|
/retest |
Member
|
/override ci/prow/e2e |
|
@ybettan: Overrode contexts on behalf of ybettan: ci/prow/e2e DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
AutomountServiceAccountToken is used to disable the auto-mounting of the projected volume into device plugin pod. This volume includes as files: SA token, CAs' file etc'. K8s automatically mounts the SA token, root CAs into the /var/run/secrets/kubernetes.io/serviceaccount using projected volumes.As a result, mounting/overriding additional files into that directory is not allowed. setting AutomountServiceAccountToken to false, will disale auto-mounting, and will allow user to mount whatever configmaps and tokens he deems necessary for the device plugin application.
Summary by CodeRabbit