shawn-hurley/fix-2.patch

## fix-2.patch
diff --git a/controllers/velero.go b/controllers/velero.go
index 828cdb3..575008d 100644
--- a/controllers/velero.go
+++ b/controllers/velero.go
@@ -408,12 +408,31 @@ func (r *VeleroReconciler) customizeVeleroDeployment(velero *oadpv1alpha1.Velero
        // Selector: veleroDeployment.Spec.Selector,
        veleroDeployment.Spec.Replicas = pointer.Int32(1)
        veleroDeployment.Spec.Template.Spec.Tolerations = velero.Spec.VeleroTolerations
+       defaultMode := int32(420)
+       expirationSeconds := int64(3600)
        veleroDeployment.Spec.Template.Spec.Volumes = append(veleroDeployment.Spec.Template.Spec.Volumes,
                corev1.Volume{
                        Name: "certs",
                        VolumeSource: corev1.VolumeSource{
                                EmptyDir: &corev1.EmptyDirVolumeSource{},
                        },
+               },
+               corev1.Volume{
+                       Name: "bound-sa-token",
+                       VolumeSource: corev1.VolumeSource{
+                               Projected: &corev1.ProjectedVolumeSource{
+                                       DefaultMode: &defaultMode,
+                                       Sources: []corev1.VolumeProjection{
+                                               {
+                                                       ServiceAccountToken: &corev1.ServiceAccountTokenProjection{
+                                                               Audience:          "openshift",
+                                                               ExpirationSeconds: &expirationSeconds,
+                                                               Path:              "token",
+                                                       },
+                                               },
+                                       },
+                               },
+                       },
                })
        //add any default init containers here if needed eg: setup-certificate-secret
        // When you do this
@@ -452,6 +471,11 @@ func (r *VeleroReconciler) customizeVeleroContainer(velero *oadpv1alpha1.Velero,
                        Name:      "certs",
                        MountPath: "/etc/ssl/certs",
                },
+               corev1.VolumeMount{
+                       Name:      "bound-sa-token",
+                       MountPath: "/var/run/secrets/openshift/serviceaccount",
+                       ReadOnly:  true,
+               },
        )
	diff --git a/controllers/velero.go b/controllers/velero.go
	index 828cdb3..575008d 100644
	--- a/controllers/velero.go
	+++ b/controllers/velero.go
	@@ -408,12 +408,31 @@ func (r VeleroReconciler) customizeVeleroDeployment(velero oadpv1alpha1.Velero
	// Selector: veleroDeployment.Spec.Selector,
	veleroDeployment.Spec.Replicas = pointer.Int32(1)
	veleroDeployment.Spec.Template.Spec.Tolerations = velero.Spec.VeleroTolerations
	+ defaultMode := int32(420)
	+ expirationSeconds := int64(3600)
	veleroDeployment.Spec.Template.Spec.Volumes = append(veleroDeployment.Spec.Template.Spec.Volumes,
	corev1.Volume{
	Name: "certs",
	VolumeSource: corev1.VolumeSource{
	EmptyDir: &corev1.EmptyDirVolumeSource{},
	},
	+ },
	+ corev1.Volume{
	+ Name: "bound-sa-token",
	+ VolumeSource: corev1.VolumeSource{
	+ Projected: &corev1.ProjectedVolumeSource{
	+ DefaultMode: &defaultMode,
	+ Sources: []corev1.VolumeProjection{
	+ {
	+ ServiceAccountToken: &corev1.ServiceAccountTokenProjection{
	+ Audience: "openshift",
	+ ExpirationSeconds: &expirationSeconds,
	+ Path: "token",
	+ },
	+ },
	+ },
	+ },
	+ },
	})
	//add any default init containers here if needed eg: setup-certificate-secret
	// When you do this
	@@ -452,6 +471,11 @@ func (r VeleroReconciler) customizeVeleroContainer(velero oadpv1alpha1.Velero,
	Name: "certs",
	MountPath: "/etc/ssl/certs",
	},
	+ corev1.VolumeMount{
	+ Name: "bound-sa-token",
	+ MountPath: "/var/run/secrets/openshift/serviceaccount",
	+ ReadOnly: true,
	+ },
	)