From 601a5e6a9d5adad1af1a7ea4894460296b96edf7 Mon Sep 17 00:00:00 2001
From: Minyi Zhong <mzhong@atlassian.com>
Date: Sat, 26 Oct 2024 21:59:36 +1100
Subject: [PATCH] fix: resource template getting duplicate exec-sa-token volume
 mounts with automountServiceAccountToken: false. Fixes #12848

reverts 2f63f6c3e83167ff9f9f976ea68b2f789d2ad7d3
Signed-off-by: Minyi Zhong <mzhong@atlassian.com>
---
 workflow/controller/workflowpod.go | 16 ----------------
 1 file changed, 16 deletions(-)

diff --git a/workflow/controller/workflowpod.go b/workflow/controller/workflowpod.go
index c47ab6296de0..7b43b698167d 100644
--- a/workflow/controller/workflowpod.go
+++ b/workflow/controller/workflowpod.go
@@ -216,22 +216,6 @@ func (woc *wfOperationCtx) createWorkflowPod(ctx context.Context, nodeName strin
 	// container's PID and root filesystem.
 	pod.Spec.Containers = append(pod.Spec.Containers, mainCtrs...)
 
-	// Configure service account token volume for the main container when AutomountServiceAccountToken is disabled
-	if (woc.execWf.Spec.AutomountServiceAccountToken != nil && !*woc.execWf.Spec.AutomountServiceAccountToken) ||
-		(tmpl.AutomountServiceAccountToken != nil && !*tmpl.AutomountServiceAccountToken) {
-		for i, c := range pod.Spec.Containers {
-			if c.Name == common.WaitContainerName {
-				continue
-			}
-			c.VolumeMounts = append(c.VolumeMounts, apiv1.VolumeMount{
-				Name:      common.ServiceAccountTokenVolumeName,
-				MountPath: common.ServiceAccountTokenMountPath,
-				ReadOnly:  true,
-			})
-			pod.Spec.Containers[i] = c
-		}
-	}
-
 	// Configuring default container to be used with commands like "kubectl exec/logs".
 	// Select "main" container if it's available. In other case use the last container (can happent when pod created from ContainerSet).
 	defaultContainer := pod.Spec.Containers[len(pod.Spec.Containers)-1].Name