diff --git a/pkg/webhook/sidecarset/validating/sidecarset_create_update_handler.go b/pkg/webhook/sidecarset/validating/sidecarset_create_update_handler.go index b112883a36..bd0e7e28cf 100644 --- a/pkg/webhook/sidecarset/validating/sidecarset_create_update_handler.go +++ b/pkg/webhook/sidecarset/validating/sidecarset_create_update_handler.go @@ -278,11 +278,12 @@ func validateContainersForSidecarSet( fakePod = &core.Pod{ ObjectMeta: metav1.ObjectMeta{Name: "test", Namespace: "default"}, Spec: core.PodSpec{ - DNSPolicy: core.DNSClusterFirst, - RestartPolicy: core.RestartPolicyAlways, - InitContainers: coreInitContainers, - Containers: coreContainers, - Volumes: coreVolumes, + DNSPolicy: core.DNSClusterFirst, + RestartPolicy: core.RestartPolicyAlways, + InitContainers: coreInitContainers, + Containers: coreContainers, + Volumes: coreVolumes, + ServiceAccountName: "default", }, } diff --git a/pkg/webhook/sidecarset/validating/sidecarset_validating_test.go b/pkg/webhook/sidecarset/validating/sidecarset_validating_test.go index 5b0cd04f93..1347524d3f 100644 --- a/pkg/webhook/sidecarset/validating/sidecarset_validating_test.go +++ b/pkg/webhook/sidecarset/validating/sidecarset_validating_test.go @@ -316,6 +316,23 @@ func TestValidateSidecarSet(t *testing.T) { { Name: "test-volume", }, + { + Name: "istio-token", + VolumeSource: corev1.VolumeSource{ + Projected: &corev1.ProjectedVolumeSource{ + DefaultMode: pointer.Int32Ptr(420), + Sources: []corev1.VolumeProjection{ + { + ServiceAccountToken: &corev1.ServiceAccountTokenProjection{ + Audience: "istio-ca", + ExpirationSeconds: pointer.Int64Ptr(43200), + Path: "istio-token", + }, + }, + }, + }, + }, + }, }, }, },