Add bool option for automount_service_account_token

Author: davidholsgrove

modules/workload-identity/README.md

@@ -71,6 +71,7 @@ module "my-app-workload-identity" {
 
 | Name | Description | Type | Default | Required |
 |------|-------------|:----:|:-----:|:-----:|
+| automount\_service\_account\_token | Enable automatic mounting of the service account token | bool | `"false"` | no |
 | k8s\_sa\_name | Name for the existing Kubernetes service account | string | `"null"` | no |
 | name | Name for both service accounts | string | n/a | yes |
 | namespace | Namespace for k8s service account | string | `"default"` | no |

modules/workload-identity/main.tf

@@ -33,6 +33,7 @@ resource "google_service_account" "cluster_service_account" {
 resource "kubernetes_service_account" "main" {
   count = var.use_existing_k8s_sa ? 0 : 1
 
+  automount_service_account_token = var.automount_service_account_token
   metadata {
     name      = var.name
     namespace = var.namespace

modules/workload-identity/variables.tf

@@ -41,3 +41,9 @@ variable "use_existing_k8s_sa" {
   default     = false
   type        = bool
 }
+
+variable "automount_service_account_token" {
+  description = "Enable automatic mounting of the service account token"
+  default     = false
+  type        = bool
+}