Merge pull request #78003 from mburke5678/cma-add-token-secret

mburke5678 · web-flow · commit 8b11d59ad95d · 2024-07-11T15:42:00.000-04:00
CMA add secret to generate SA token
diff --git a/modules/nodes-cma-autoscaling-custom-prometheus-config.adoc b/modules/nodes-cma-autoscaling-custom-prometheus-config.adoc
@@ -15,8 +15,9 @@ These steps are not required for an external Prometheus source.
 
 You must perform the following tasks, as described in this section:
 
-* Create a service account to get a token.
-* Create the service token.
+* Create a service account.
+* Create a secret that generates a token for the service account.
+* Create the trigger authentication.
 * Create a role.
 * Add that role to the service account.
 * Reference the token in the trigger authentication object used by Prometheus.
@@ -38,49 +39,49 @@ You must perform the following tasks, as described in this section:
 $ oc project my-project
 ----
 
-. Use the following command to create a service account, if your cluster does not have one:
+. Create a service account and token, if your cluster does not have one:
+
+.. Create a `service account` object by using the following command:
 +
 [source,terminal]
 ----
-$ oc create serviceaccount <service_account>
+$ oc create serviceaccount thanos <1>
 ----
 +
-where:
-+
-<service_account>:: Specifies the name of the service account.
+<1> Specifies the name of the service account.
 
-. Use the following command to create the service token for the service account:
+.. Create a `secret` YAML to generate a service account token:
 +
-[source,terminal]
+[source,yaml]
 ----
-$ oc apply -f - <<EOF
 apiVersion: v1
 kind: Secret
 metadata:
   name: thanos-token
   annotations:
-    kubernetes.io/service-account.name: <service_account>
+    kubernetes.io/service-account.name: thanos <1>
   type: kubernetes.io/service-account-token
-EOF
 ----
 +
-where:
+<1> Specifies the name of the service account.
+
+.. Create the secret object by using the following command:
 +
-<service_account>:: Specifies the name of the service account.
+[source,terminal]
+----
+$ oc create -f <file_name>.yaml
+----
 
 .. Use the following command to locate the token assigned to the service account:
 +
 [source,terminal]
 ----
-$ oc describe serviceaccount <service_account>
+$ oc describe serviceaccount thanos <1>
 ----
 +
---
-where:
-
-<service_account>:: Specifies the name of the service account.
---
+<1> Specifies the name of the service account.
 +
+--
 .Example output
 [source,terminal]
 ----
@@ -90,11 +91,12 @@ Labels:              <none>
 Annotations:         <none>
 Image pull secrets:  thanos-dockercfg-nnwgj
 Mountable secrets:   thanos-dockercfg-nnwgj
-Tokens:              thanos-token-9g4n5 <1>
+Tokens:              thanos-token <1>
 Events:              <none>
 
 ----
 <1> Use this token in the trigger authentication.
+--
 
 . Create a trigger authentication with the service account token:
 
@@ -109,10 +111,10 @@ metadata:
 spec:
   secretTargetRef: <1>
   - parameter: bearerToken <2>
-    name: thanos-token-9g4n5 <3>
+    name: thanos-token <3>
     key: token <4>
   - parameter: ca
-    name: thanos-token-9g4n5
+    name: thanos-token
     key: ca.crt
 ----
 <1> Specifies that this object uses a secret for authorization.
@@ -186,6 +188,7 @@ subjects:
 <2> Specifies the namespace of the object you want to scale.
 <3> Specifies the name of the service account to bind to the role.
 <4> Specifies the namespace of the object you want to scale.
+
 .. Create the CR object:
 +
 [source,terminal]
@@ -200,4 +203,3 @@ You can now deploy a scaled object or scaled job to enable autoscaling for your
 * `triggers.metadata.authModes` must be `bearer`
 * `triggers.metadata.namespace` must be set to the namespace of the object to scale
 * `triggers.authenticationRef` must point to the trigger authentication resource specified in the previous step
-
