Mirror of https://github.com/holos-run/holos.git (synced 2026-03-20 01:04:59 +00:00)
This patch adds a ConfigMap and Pod to the eso-creds-refresher component. The Pod executes the gcloud container, impersonates the eso-creds-refresher IAM service account using workload identity, then authenticates to the remote provisioner cluster. This is the foundation for a script to automatically create Secret API objects in a workload cluster which have a Kubernetes service account token ESO SecretStore resources can use to fetch secrets from the provisioner cluster. Once we have that script in place we can turn this Pod into a Job and replace Vault.