I'm trying to automate creation of a few K8s resources using either helm or kustomize (the latter is preferred option). What I want to do is:
create a ServiceAccount
get value of its token, as you would do with kubectl get secret <secret_name> -o jsonpath={.data.token}
use the value from step #3 to create another Secret
This can be done pretty easily with CLI, but I want to wrap it using one of the templating tools. Any suggestions?
Kubernetes can create a Secret with a ServiceAccount token on its own. In a Helm chart, this would look like
# templates/sa-secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: "{{ template "mychart.fullname . }}-sa"
labels:
{{- template "mychart.labels" . | nindent 4 }}
annotations:
kubernetes.io/service-account.name: "{{ template "mychart.serviceAccountName" . }}"
type: kubernetes.io/service-account-token
As a more general statement, though, Helm doesn't have the ability to create some resources, stop and do something else, and then create other resources; it only creates and deletes Kubernetes resources in one big block. This case only works because you can describe it using Kubernetes YAML.
