From 6fad115a910970a36edb88b63835ca85d55e3fc7 Mon Sep 17 00:00:00 2001 From: Yury Kovalev <8366110+kovayur@users.noreply.github.com> Date: Mon, 17 Jun 2024 15:46:53 +0200 Subject: [PATCH] ROX-23709: Fix token expiration (#1891) Fix token expiration --- .../templates/fleetshard-sync.yaml | 21 +++++-------------- 1 file changed, 5 insertions(+), 16 deletions(-) diff --git a/dp-terraform/helm/rhacs-terraform/templates/fleetshard-sync.yaml b/dp-terraform/helm/rhacs-terraform/templates/fleetshard-sync.yaml index ad78cd16c1..e624172c26 100644 --- a/dp-terraform/helm/rhacs-terraform/templates/fleetshard-sync.yaml +++ b/dp-terraform/helm/rhacs-terraform/templates/fleetshard-sync.yaml @@ -142,16 +142,8 @@ spec: key: {{ .Values.fleetshardSync.tenantImagePullSecret.key | quote }} {{- end }} volumeMounts: - - mountPath: /var/run/secrets/tokens/aws-token - subPath: aws-token - name: aws-token - readOnly: true - {{- if eq "SERVICE_ACCOUNT_TOKEN" .Values.fleetshardSync.authType }} - - mountPath: /var/run/secrets/tokens/fleet-manager-token - subPath: fleet-manager-token - name: fleet-manager-token - readOnly: true - {{- end }} + - mountPath: /var/run/secrets/tokens + name: tokens ports: - name: monitoring containerPort: 8080 @@ -163,19 +155,16 @@ spec: cpu: {{ .Values.fleetshardSync.resources.requests.cpu | quote }} memory: {{ .Values.fleetshardSync.resources.requests.memory | quote }} volumes: - - name: aws-token + - name: tokens projected: sources: - serviceAccountToken: path: aws-token audience: sts.amazonaws.com expirationSeconds: 3600 - {{- if eq "SERVICE_ACCOUNT_TOKEN" .Values.fleetshardSync.authType }} - - name: fleet-manager-token - projected: - sources: + {{- if eq "SERVICE_ACCOUNT_TOKEN" .Values.fleetshardSync.authType }} - serviceAccountToken: path: fleet-manager-token audience: acs-fleet-manager-private-api expirationSeconds: 3600 - {{- end }} + {{- end }}