Skip to content

Instantly share code, notes, and snippets.

@shawn-hurley
Created October 13, 2021 18:43
Show Gist options
  • Save shawn-hurley/a257ab801487ecdc855dd4c177bd474d to your computer and use it in GitHub Desktop.
Save shawn-hurley/a257ab801487ecdc855dd4c177bd474d to your computer and use it in GitHub Desktop.
diff --git a/controllers/velero.go b/controllers/velero.go
index 828cdb3..575008d 100644
--- a/controllers/velero.go
+++ b/controllers/velero.go
@@ -408,12 +408,31 @@ func (r *VeleroReconciler) customizeVeleroDeployment(velero *oadpv1alpha1.Velero
// Selector: veleroDeployment.Spec.Selector,
veleroDeployment.Spec.Replicas = pointer.Int32(1)
veleroDeployment.Spec.Template.Spec.Tolerations = velero.Spec.VeleroTolerations
+ defaultMode := int32(420)
+ expirationSeconds := int64(3600)
veleroDeployment.Spec.Template.Spec.Volumes = append(veleroDeployment.Spec.Template.Spec.Volumes,
corev1.Volume{
Name: "certs",
VolumeSource: corev1.VolumeSource{
EmptyDir: &corev1.EmptyDirVolumeSource{},
},
+ },
+ corev1.Volume{
+ Name: "bound-sa-token",
+ VolumeSource: corev1.VolumeSource{
+ Projected: &corev1.ProjectedVolumeSource{
+ DefaultMode: &defaultMode,
+ Sources: []corev1.VolumeProjection{
+ {
+ ServiceAccountToken: &corev1.ServiceAccountTokenProjection{
+ Audience: "openshift",
+ ExpirationSeconds: &expirationSeconds,
+ Path: "token",
+ },
+ },
+ },
+ },
+ },
})
//add any default init containers here if needed eg: setup-certificate-secret
// When you do this
@@ -452,6 +471,11 @@ func (r *VeleroReconciler) customizeVeleroContainer(velero *oadpv1alpha1.Velero,
Name: "certs",
MountPath: "/etc/ssl/certs",
},
+ corev1.VolumeMount{
+ Name: "bound-sa-token",
+ MountPath: "/var/run/secrets/openshift/serviceaccount",
+ ReadOnly: true,
+ },
)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment