
Commit db4dbec

Create service account secret if not found (stolostron#3508)
* Create service account secret if not found Signed-off-by: Kevin Cormier <kcormier@redhat.com> * Fix for jq 1.7.1 Signed-off-by: Kevin Cormier <kcormier@redhat.com> * Use service account secret in MCE namespace created by setup script Signed-off-by: Kevin Cormier <kcormier@redhat.com> --------- Signed-off-by: Kevin Cormier <kcormier@redhat.com>
1 parent 0463568 commit db4dbec


2 files changed

+17
-2
lines changed

2 files changed

+17
-2
lines changed

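--- a/setup.sh
+++ b/setup.sh
@@ -27,7 +27,21 @@ INSTALLATION_NAMESPACE=`oc get multiclusterhub -A -o jsonpath='{.items[0].metada
 INSTALLATION_NAMESPACE_MCE=`oc get multiclusterengine -A -o jsonpath='{.items[0].spec.targetNamespace}'`
 
 SA=$(oc get serviceaccounts -n $INSTALLATION_NAMESPACE_MCE console-mce -o jsonpath='{.metadata.name}')
-SA_SECRET=$(oc get secrets -n $INSTALLATION_NAMESPACE_MCE -o json | jq -r "[.items[] | select(.metadata.annotations[\"kubernetes.io/service-account.name\"] == \"$SA\" and .type == \"kubernetes.io/service-account-token\")][0].metadata.name")
+SA_SECRET=$(oc get secrets -n $INSTALLATION_NAMESPACE_MCE -o json | jq -r "[.items[] | select(.metadata.annotations[\"kubernetes.io/service-account.name\"] == \"$SA\" and .type == \"kubernetes.io/service-account-token\")][0].metadata.name // \"\"")
+if [[ -z "$SA_SECRET" ]]; then
+oc apply -f - << EOF
+apiVersion: v1
+kind: Secret
+metadata:
+name: console-mce-token
+namespace: $INSTALLATION_NAMESPACE_MCE
+annotations:
+kubernetes.io/service-account.name: $SA
+type: kubernetes.io/service-account-token
+EOF
+SA_SECRET="console-mce-token"
+fi
+
 SA_TOKEN=`oc get secret -n $INSTALLATION_NAMESPACE_MCE ${SA_SECRET} -o="jsonpath={.data.token}" | base64 -d`
 CA_CERT=`oc get secret -n $INSTALLATION_NAMESPACE_MCE ${SA_SECRET} -o="jsonpath={.data.ca\.crt}"`
 SERVICE_CA_CERT=`oc get secret -n $INSTALLATION_NAMESPACE_MCE ${SA_SECRET} -o="jsonpath={.data.service-ca\.crt}"`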
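Review bot: The new fallback reads `.data.token` from `console-mce-token` right after `oc apply`, but a `kubernetes.io/service-account-token` Secret is normally filled in asynchronously by the token controller, so on a first run `SA_TOKEN`, `CA_CERT` and `SERVICE_CA_CERT` can come back empty with no error. The `oc apply` status is also unchecked, and `$SA` is not tested for emptiness before it is written into the annotation, so a failed service-account lookup still ends with `SA_SECRET="console-mce-token"`. I would guard on `$SA` and poll for the token with an upper bound before continuing, as sketched below. A Secret of this type holds a token with no expiry, so a comment saying it is long-lived and should be deleted when the environment is torn down would help anyone running this against a shared cluster. The script continues past the end of the hunk.

```shell
if [[ -z "$SA_SECRET" ]]; then
  # Fail early instead of applying a Secret with an empty service-account annotation.
  # (use `return 1` instead of `exit 1` if setup.sh is meant to be sourced)
  [[ -n "$SA" ]] || { echo "console-mce service account not found" >&2; exit 1; }
  # … unchanged: oc apply heredoc creating console-mce-token …
  SA_SECRET="console-mce-token"
  # The token is populated asynchronously; wait a bounded time for it to appear.
  token_b64=""
  for _ in {1..30}; do
    token_b64=$(oc get secret -n "$INSTALLATION_NAMESPACE_MCE" "$SA_SECRET" -o jsonpath='{.data.token}')
    [[ -n "$token_b64" ]] && break
    sleep 1
  done
  [[ -n "$token_b64" ]] || { echo "token not populated in $SA_SECRET" >&2; exit 1; }
fi
```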

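--- a/start-ocp-console.sh
+++ b/start-ocp-console.sh
@@ -7,7 +7,8 @@ oc process -f ocp-console-oauth-client.yaml | oc apply -f -
 
 oc get oauthclient console-oauth-client -o jsonpath='{.secret}' > ocp-console/console-client-secret
 
-oc get secrets -n default --field-selector type=kubernetes.io/service-account-token -o json | \
+INSTALLATION_NAMESPACE_MCE=`oc get multiclusterengine -A -o jsonpath='{.items[0].spec.targetNamespace}'`
+oc get secrets -n $INSTALLATION_NAMESPACE_MCE --field-selector type=kubernetes.io/service-account-token -o json | \
 jq '.items[0].data."ca.crt"' -r | python -m base64 -d > ocp-console/ca.crt
 
 CONSOLE_VERSION=${CONSOLE_VERSION:=4.13}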
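Review bot: If the `multiclusterengine` lookup on new line 10 returns nothing, the unquoted `$INSTALLATION_NAMESPACE_MCE` on new line 11 expands to no word and `-n` consumes `--field-selector` as the namespace, so the failure shows up later as a confusing error or a bad `ocp-console/ca.crt`. I would add `: "${INSTALLATION_NAMESPACE_MCE:?multiclusterengine not found}"` after the assignment and quote the variable as `-n "$INSTALLATION_NAMESPACE_MCE"`. The unchanged jq line still takes `.items[0]`, which is whichever service-account-token Secret is listed first in that namespace, not necessarily the one setup.sh finds or creates for `console-mce`. When the list is empty jq prints `null`, and that is what gets decoded into the CA file the console trusts, so selecting on the `kubernetes.io/service-account.name` annotation and checking the result is non-empty before writing the file would be safer.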
