Add service account token secret

Signed-off-by: usimd <[email protected]>

charts/core-dump-handler/README.md

@@ -326,3 +326,7 @@ Daemonset
 * envFrom: Array of [EnvFromSource](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#envfromsource-v1-core) to inject into main container.
 * sidecarContainers: Array of [Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#container-v1-core) to define as part of the pod.
 * updateStrategy: [DaemonsetUpdateStrategy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#daemonsetupdatestrategy-v1-apps) is a struct used to control the update strategy for the DaemonSet.
+
+Service account:
+* useToken: automatically create a service account token secret
+* tokenSecretName: name of the service account token secret to create if `serviceAccount.useToken` is `true` (Default: "core-dump-service-account-token")

charts/core-dump-handler/templates/sa-token-secret.yaml

@@ -0,0 +1,9 @@
+{{- if .Values.serviceAccount.useToken }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ default "core-dump-service-account-token" .Values.serviceAccount.tokenSecretName }}
+  annotations:
+    kubernetes.io/service-account.name: {{ include "core-dump-handler.serviceAccountName" . }}
+type: kubernetes.io/service-account-token
+{{- end }}

charts/core-dump-handler/values.aws.yaml

@@ -2,3 +2,6 @@
 daemonset:
   includeCrioExe: true
   vendor: rhel7 # EKS EC2 images have an old libc=2.26
+
+serviceAccount:
+  useToken: true

charts/core-dump-handler/values.yaml

@@ -64,6 +64,8 @@ serviceAccount:
   name: "core-dump-admin"
   # annotations:
   #   eks.amazonaws.com/role-arn: arn:aws:iam::123456789000:role/iam-role-name-here
+  useToken: false
+  tokenSecretName: core-dump-service-account-token
 
 # OpenShift specific for SecurityContextConstraints
 scc: