Update KubeVirt Windows VM

Add ClusterRoleBinding to YAML declaration Remove annotation Add EOF Patchset 2 update (remove ClusterRoleBinding) Patchset 2 update (edit Set up remote management of VMs) Patchset 2 update (add secret to other ClusterRoleBindings) Patchset 5 updates Patchset 6 updates Signed-off-by: Ron Stone <ronald.stone@windriver.com> Change-Id: I11e63f97c82f4cb3e92403e8a8423d892e3160a3
2022-12-19 12:18:24 -05:00 · 2022-12-19 12:18:24 -05:00 · e8cbaad48d
commit e8cbaad48d
parent c1dbf8ac53
7 changed files with 57 additions and 2 deletions
--- a/doc/source/deploy_install_guides/r7_release/kubernetes_access.rst
+++ b/doc/source/deploy_install_guides/r7_release/kubernetes_access.rst
@ -146,6 +146,15 @@ controller-0:
      name: admin-user
      namespace: kube-system
    ---
+    apiVersion: v1
+    kind: Secret
+    type: kubernetes.io/service-account-token
+    metadata:
+      name: admin-user-sa-token
+      namespace: kube-system
+      annotations:
+        kubernetes.io/service-account.name: admin-user
+    ---
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRoleBinding
    metadata:
--- a/doc/source/kube-virt/create-a-windows-vm-82957181df02.rst
+++ b/doc/source/kube-virt/create-a-windows-vm-82957181df02.rst
@ -116,7 +116,8 @@ network. Finally, RDP to the |VM| from a remote workstation.
             - name: myrootdisk
               dataVolume:
                 name: stx-lab-winserv-test-disk
-      
+      EOF
+
 #. Apply the configuration.

   .. code-block::
--- a/doc/source/security/kubernetes/configure-remote-helm-client-for-non-admin-users.rst
+++ b/doc/source/security/kubernetes/configure-remote-helm-client-for-non-admin-users.rst
@ -40,6 +40,15 @@ applications with a Helm v2 chart.
              name: admin-user
              namespace: kube-system
            ---
+            apiVersion: v1
+            kind: Secret
+            type: kubernetes.io/service-account-token
+            metadata:
+              name: admin-user-sa-token
+              namespace: kube-system
+              annotations:
+                kubernetes.io/service-account.name: admin-user
+            ---
            apiVersion: rbac.authorization.k8s.io/v1
            kind: ClusterRoleBinding
            metadata:
--- a/doc/source/security/kubernetes/create-an-admin-type-service-account.rst
+++ b/doc/source/security/kubernetes/create-an-admin-type-service-account.rst
@ -34,6 +34,15 @@ an admin service account with cluster-admin role, use the following procedure:
          name: admin-user
          namespace: kube-system
        ---
+        apiVersion: v1
+        kind: Secret
+        type: kubernetes.io/service-account-token
+        metadata:
+          name: admin-user-sa-token
+          namespace: kube-system
+          annotations:
+            kubernetes.io/service-account.name: admin-user
+        ---
        apiVersion: rbac.authorization.k8s.io/v1
        kind: ClusterRoleBinding
        metadata:
@ -69,4 +78,4 @@ an admin service account with cluster-admin role, use the following procedure:
    |prod| can also use user accounts defined in an external Windows Active
    Directory to authenticate Kubernetes API, :command:`kubectl` CLI or the
    Kubernetes Dashboard. For more information, see :ref:`Configure OIDC
-    Auth Applications <configure-oidc-auth-applications>`.
+    Auth Applications <configure-oidc-auth-applications>`.
--- a/doc/source/security/kubernetes/private-namespace-and-restricted-rbac.rst
+++ b/doc/source/security/kubernetes/private-namespace-and-restricted-rbac.rst
@ -109,6 +109,15 @@ with read/write type access to a single private namespace
              name: dave-user
              namespace: kube-system
            ---
+            apiVersion: v1
+            kind: Secret
+            type: kubernetes.io/service-account-token
+            metadata:
+              name: dave-user-sa-token
+              namespace: kube-system
+              annotations:
+                kubernetes.io/service-account.name: dave-user
+            ---
            apiVersion: rbac.authorization.k8s.io/v1
            kind: RoleBinding
            metadata:
--- a/doc/source/security/kubernetes/security-configure-container-backed-remote-clis-and-clients.rst
+++ b/doc/source/security/kubernetes/security-configure-container-backed-remote-clis-and-clients.rst
@ -100,6 +100,15 @@ CLIs and Clients for an admin user with cluster-admin clusterrole.
              name: ${USER}
              namespace: kube-system
            ---
+            apiVersion: v1
+            kind: Secret
+            type: kubernetes.io/service-account-token
+            metadata:
+              name: ${USER}-sa-token
+              namespace: kube-system
+              annotations:
+                kubernetes.io/service-account.name: ${USER}
+            ---
            apiVersion: rbac.authorization.k8s.io/v1
            kind: ClusterRoleBinding
            metadata:
--- a/doc/source/shared/_includes/install-kubectl-and-helm-clients-directly-on-a-host-6383c5f2b484.rest
+++ b/doc/source/shared/_includes/install-kubectl-and-helm-clients-directly-on-a-host-6383c5f2b484.rest
@ -15,6 +15,15 @@
              name: kubernetes-admin
              namespace: kube-system
            ---
+            apiVersion: v1
+            kind: Secret
+            type: kubernetes.io/service-account-token
+            metadata:
+              name: kubernetes-admin-sa-token
+              namespace: kube-system
+              annotations:
+                kubernetes.io/service-account.name: kubernetes-admin
+            ---
            apiVersion: rbac.authorization.k8s.io/v1
            kind: ClusterRoleBinding
            metadata: