Skip to content

Commit 3386b1b

Browse files
juniorjunior
committed
complete stack service accounts support updated
Signed-off-by: junior <[email protected]>
1 parent a1feb8f commit 3386b1b

File tree

1 file changed

+18
-3
lines changed

1 file changed

+18
-3
lines changed

deploy/complete/terraform/mushop-oci-services.tf

Lines changed: 18 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -107,6 +107,21 @@ resource "kubernetes_service_account" "wallet_extractor_sa" {
107107
name = "wallet-extractor-sa"
108108
namespace = kubernetes_namespace.mushop_namespace.id
109109
}
110+
secret {
111+
name = "wallet-extractor-sa-token"
112+
}
113+
114+
count = var.mushop_mock_mode_all ? 0 : 1
115+
}
116+
resource "kubernetes_secret" "wallet_extractor_sa" {
117+
metadata {
118+
name = "wallet-extractor-sa-token"
119+
namespace = kubernetes_namespace.mushop_namespace.id
120+
annotations = {
121+
"kubernetes.io/service-account.name" = kubernetes_service_account.wallet_extractor_sa.0.metadata.0.name
122+
}
123+
}
124+
type = "kubernetes.io/service-account-token"
110125

111126
count = var.mushop_mock_mode_all ? 0 : 1
112127
}
@@ -141,7 +156,7 @@ resource "kubernetes_job" "wallet_extractor_job" {
141156
args = ["kubectl create secret generic oadb-wallet --from-file=/wallet"]
142157
volume_mount {
143158
mount_path = "/var/run/secrets/kubernetes.io/serviceaccount"
144-
name = kubernetes_service_account.wallet_extractor_sa[0].default_secret_name
159+
name = kubernetes_secret.wallet_extractor_sa.0.metadata.0.name # kubernetes_service_account.wallet_extractor_sa[0].default_secret_name
145160
read_only = true
146161
}
147162
volume_mount {
@@ -151,9 +166,9 @@ resource "kubernetes_job" "wallet_extractor_job" {
151166
}
152167
}
153168
volume {
154-
name = kubernetes_service_account.wallet_extractor_sa[0].default_secret_name
169+
name = kubernetes_secret.wallet_extractor_sa.0.metadata.0.name # kubernetes_service_account.wallet_extractor_sa[0].default_secret_name
155170
secret {
156-
secret_name = kubernetes_service_account.wallet_extractor_sa[0].default_secret_name
171+
secret_name = kubernetes_secret.wallet_extractor_sa.0.metadata.0.name # kubernetes_service_account.wallet_extractor_sa[0].default_secret_name
157172
}
158173
}
159174
volume {

0 commit comments

Comments
 (0)