Explicitly create service account token for eso-vault-auth-token

With newer versions of kubernetes/openshift, it is necessary to explicitly request a long-lived token for service accounts [1]. [1]: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#manually-create-a-long-lived-api-token-for-a-serviceaccount
OCP-on-NERC · Dec 3, 2024 · 6f666fa · 6f666fa
1 parent db9c029
commit 6f666fa
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 0 deletions.
diff --git a/cluster-scope/base/core/secrets/eso-vault-auth-token/kustomization.yaml b/cluster-scope/base/core/secrets/eso-vault-auth-token/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: external-secrets-operator
+resources:
+    - secret.yaml
diff --git a/cluster-scope/base/core/secrets/eso-vault-auth-token/secret.yaml b/cluster-scope/base/core/secrets/eso-vault-auth-token/secret.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: eso-vault-auth-token
+  annotations:
+    kubernetes.io/service-account.name: eso-vault-auth
+type: kubernetes.io/service-account-token
diff --git a/cluster-scope/bundles/external-secrets/kustomization.yaml b/cluster-scope/bundles/external-secrets/kustomization.yaml
@@ -9,3 +9,4 @@ resources:
 - ../../base/operators.coreos.com/subscriptions/external-secrets-operator
 - ../../base/rbac.authorization.k8s.io/clusterrolebindings/eso-tokenreview
 - ../../base/operators.coreos.com/operatorgroups/external-secrets
+- ../../base/core/secrets/eso-vault-auth-token/