Adds two new controller flags to enforce ServiceAccount usage in
multi-tenant clusters where administrators need to lock down workload
identity access:
- --default-decryption-service-account
- --default-kubeconfig-service-account
These flags complement the existing --default-service-account flag to
provide complete multi-tenancy lockdown coverage for all three classes
of ServiceAccount fields in the Kustomization API.
Signed-off-by: cappyzawa <cappyzawa@gmail.com>
cappyzawa
Matheus Pimenta