@@ -184,6 +184,27 @@ func (gapfj *generatorAzurePathFixJob) expected() (runtime.Object, error) {
184184 Name : "ca-trust-extracted" ,
185185 MountPath : "/etc/pki/ca-trust/extracted" ,
186186 }
187+ saVol := corev1.Volume {
188+ Name : "bound-sa-token" ,
189+ VolumeSource : corev1.VolumeSource {
190+ Projected : & corev1.ProjectedVolumeSource {
191+ Sources : []corev1.VolumeProjection {
192+ {
193+ ServiceAccountToken : & corev1.ServiceAccountTokenProjection {
194+ Audience : "openshift" ,
195+ Path : "token" ,
196+ },
197+ },
198+ },
199+ },
200+ },
201+ }
202+ saMount := corev1.VolumeMount {
203+ Name : saVol .Name ,
204+ // Default (by convention) location for mounting projected ServiceAccounts
205+ MountPath : "/var/run/secrets/openshift/serviceaccount" ,
206+ ReadOnly : true ,
207+ }
187208
188209 backoffLimit := int32 (0 )
189210 cj := & batchv1.Job {
@@ -209,16 +230,24 @@ func (gapfj *generatorAzurePathFixJob) expected() (runtime.Object, error) {
209230 },
210231 TerminationMessagePolicy : kcorev1 .TerminationMessageFallbackToLogsOnError ,
211232 Env : envs ,
212- VolumeMounts : []corev1.VolumeMount {trustedCAMount , caTrustExtractedMount },
213- Name : gapfj .GetName (),
214- Command : []string {"/bin/sh" },
233+ VolumeMounts : []corev1.VolumeMount {
234+ trustedCAMount ,
235+ caTrustExtractedMount ,
236+ saMount ,
237+ },
238+ Name : gapfj .GetName (),
239+ Command : []string {"/bin/sh" },
215240 Args : []string {
216241 "-c" ,
217242 "mkdir -p /etc/pki/ca-trust/extracted/edk2 /etc/pki/ca-trust/extracted/java /etc/pki/ca-trust/extracted/openssl /etc/pki/ca-trust/extracted/pem && update-ca-trust extract && /usr/bin/move-blobs" ,
218243 },
219244 },
220245 },
221- Volumes : []corev1.Volume {trustedCAVolume , caTrustExtractedVolume },
246+ Volumes : []corev1.Volume {
247+ trustedCAVolume ,
248+ caTrustExtractedVolume ,
249+ saVol ,
250+ },
222251 },
223252 },
224253 },
0 commit comments