Add ability to disable service account token mount for gateway

The Loki gateway acts as a reverse proxy and doesn't require
Kubernetes API access. This change allows users to disable service
account token mounting for better security posture.

Signed-off-by: Mario Asabella <[email protected]>

Author: marioasabella

charts/loki-distributed/templates/gateway/deployment-gateway.yaml

@@ -41,6 +41,7 @@ spec:
         {{- end }}
     spec:
       serviceAccountName: {{ include "loki.serviceAccountName" . }}
+      automountServiceAccountToken: {{ .Values.gateway.serviceAccount.automountServiceAccountToken }}
       {{- with .Values.imagePullSecrets }}
       imagePullSecrets:
         {{- toYaml . | nindent 8 }}

charts/loki-distributed/values.yaml

@@ -1020,6 +1020,7 @@ gateway:
   replicas: 1
   # -- Enable logging of 2xx and 3xx HTTP requests
   verboseLogging: true
+  automountServiceAccountToken: true  # default to true for backward compatibility
   autoscaling:
     # -- Enable autoscaling for the gateway
     enabled: false