From 81175d8e779ad113e736336a220686f759db3c85 Mon Sep 17 00:00:00 2001
From: Andrew Pitt <apitt@redhat.com>
Date: Tue, 20 Apr 2021 09:01:05 -0400
Subject: [PATCH 1/3] Get serviceaccount token from running container.

---
 entrypoint.sh | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/entrypoint.sh b/entrypoint.sh
index 2cb485c..eaf0275 100644
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -1,5 +1,8 @@
 #!/bin/sh
 
+# Source the service account token from the container directly.
+export TOKEN="$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)"
+
 redis-server /etc/redis/redis.conf &
 
 sed -i "s/ENDPOINT_PLACEHOLDER/$ENDPOINT/g" /var/www/html/kubeinvaders.js

From e3b0edbf301c2f6b83e99b1bf45c249afdcd21dc Mon Sep 17 00:00:00 2001
From: Andrew Pitt <apitt@redhat.com>
Date: Tue, 20 Apr 2021 09:01:28 -0400
Subject: [PATCH 2/3] Remove serviceaccount and secret from template.

---
 openshift/KubeInvaders.yaml | 7 -------
 1 file changed, 7 deletions(-)

diff --git a/openshift/KubeInvaders.yaml b/openshift/KubeInvaders.yaml
index d312522..554c9b0 100644
--- a/openshift/KubeInvaders.yaml
+++ b/openshift/KubeInvaders.yaml
@@ -24,14 +24,7 @@ parameters:
   value: kubeinvaders
 - description: A namespaces to stress with KubeInvaders.
   name: TARGET_NAMESPACE
-- description: Secret of the serviceAccount that can kill PODs in specific namespace.
-  name: KUBEINVADERS_SECRET
 objects:
-- apiVersion: v1
-  kind: ServiceAccount
-  metadata:
-    name: kubeinvaders
-    namespace: ${NAMESPACE}
 - apiVersion: route.openshift.io/v1
   kind: Route
   metadata:

From 4f067d899c5109bced281117fbc9fd49be0c2e2e Mon Sep 17 00:00:00 2001
From: Andrew Pitt <apitt@redhat.com>
Date: Tue, 20 Apr 2021 10:16:43 -0400
Subject: [PATCH 3/3] Also removed secret ref from ocp template.

---
 openshift/KubeInvaders.yaml | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/openshift/KubeInvaders.yaml b/openshift/KubeInvaders.yaml
index 554c9b0..accbe0e 100644
--- a/openshift/KubeInvaders.yaml
+++ b/openshift/KubeInvaders.yaml
@@ -84,11 +84,6 @@ objects:
             value: "15"
           - name: HITSLIMIT
             value: "0"
-          - name: TOKEN
-            valueFrom:
-              secretKeyRef:
-                name: "${KUBEINVADERS_SECRET}"
-                key: token
           name: kubeinvaders
           image: ${IMAGE_KUBEINVADERS}
           imagePullPolicy: Always