Automatic update helm docs from VictoriaMetrics/helm-charts@42d92a7 (#7783)

Automated changes by
[create-pull-request](https://github.com/peter-evans/create-pull-request)
GitHub action

Signed-off-by: Github Actions <133988544+victoriametrics-bot@users.noreply.github.com>
Co-authored-by: AndrewChubatiuk <3162380+AndrewChubatiuk@users.noreply.github.com>

docs/helm/victoria-metrics-k8s-stack/README.md

@@ -2207,17 +2207,6 @@ serviceMonitor:
 </pre>
 </td>
       <td><p>VictoriaMetrics Operator dependency chart configuration. More values can be found <a href="https://docs.victoriametrics.com/helm/victoriametrics-operator#parameters" target="_blank">here</a>. Also checkout <a href="https://docs.victoriametrics.com/operator/vars" target="_blank">here</a> possible ENV variables to configure operator behaviour</p>
-</td>
-    </tr>
-    <tr>
-      <td>victoria-metrics-operator.crds.plain</td>
-      <td>bool</td>
-      <td><pre class="helm-vars-default-value" language-yaml" lang="">
-<code class="language-yaml">true
-</code>
-</pre>
-</td>
-      <td><p>added temporary, till new operator version released</p>
 </td>
     </tr>
     <tr>

docs/helm/victoria-metrics-operator/CHANGELOG.md

@@ -1,6 +1,7 @@
 ## Next release
 
 - updated common dependency 0.0.32 -> 0.0.33
+- add an option to mount `ServiceAccount` token manually for security hardening reasons.
 
 ## 0.39.1
 

docs/helm/victoria-metrics-operator/README.md

@@ -191,6 +191,36 @@ helm-docs
 
 The markdown generation is entirely go template driven. The tool parses metadata from charts and generates a number of sub-templates that can be referenced in a template file (by default ``README.md.gotmpl``). If no template file is provided, the tool has a default internal template that will generate a reasonably formatted README.
 
+## Disabling automatic ServiceAccount token mount
+
+There are cases when it is required to disable automatic ServiceAccount token mount due to hardening reasons. To disable it, set the following values:
+```
+serviceAccount:
+  automountServiceAccountToken: false
+
+extraVolumes:
+  - name: operator
+    projected:
+      sources:
+        - downwardAPI:
+            items:
+              - fieldRef:
+                  apiVersion: v1
+                  fieldPath: metadata.namespace
+                path: namespace
+        - configMap:
+            name: kube-root-ca.crt
+        - serviceAccountToken:
+            expirationSeconds: 7200
+            path: token
+
+extraVolumeMounts:
+  - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
+    name: operator
+```
+
+This configuration disables the automatic ServiceAccount token mount and mounts the token explicitly.
+
 ## Parameters
 
 The following tables lists the configurable parameters of the chart and their default values.
@@ -981,6 +1011,17 @@ view:
 </pre>
 </td>
       <td><p>Service webhook port</p>
+</td>
+    </tr>
+    <tr>
+      <td>serviceAccount.automountServiceAccountToken</td>
+      <td>bool</td>
+      <td><pre class="helm-vars-default-value" language-yaml" lang="">
+<code class="language-yaml">true
+</code>
+</pre>
+</td>
+      <td><p>Whether to automount the service account token. Note that token needs to be mounted manually if this is disabled.</p>
 </td>
     </tr>
     <tr>