From 091fa2ffef094d91c3d2f5ef7ba3186d88339e24 Mon Sep 17 00:00:00 2001
From: Oguz Pastirmaci
Date: Mon, 29 Jul 2024 15:46:05 -0700
Subject: [PATCH] Add instructions for creating a service account authentication token (#29)
* Add instructions for adding a service account
* Update manifest link
* Update README.md
---
 README.md | 19 ++++++++++++++++++-
 manifests/oke-kubeconfig-sa-token.yaml | 8 ++++++++
 2 files changed, 26 insertions(+), 1 deletion(-)
 create mode 100644 manifests/oke-kubeconfig-sa-token.yaml
diff --git a/README.md b/README.md
index 727697c..bab6b6f 100644
--- a/README.md
+++ b/README.md
@@ -30,7 +30,7 @@ You can use the instructions [here.](https://docs.oracle.com/en-us/iaas/Content/
 ### Deploy the cluster using the Oracle Cloud Resource Manager template
 You can easily deploy the cluster using the **Deploy to Oracle Cloud** button below.
-[![Deploy to Oracle Cloud](https://oci-resourcemanager-plugin.plugins.oci.oraclecloud.com/latest/deploy-to-oracle-cloud.svg)](https://cloud.oracle.com/resourcemanager/stacks/create?zipUrl=https://github.com/oracle-quickstart/oci-hpc-oke/releases/download/v24.7.0/oke-rdma-quickstart-v24.7.0.zip)
+[![Deploy to Oracle Cloud](https://oci-resourcemanager-plugin.plugins.oci.oraclecloud.com/latest/deploy-to-oracle-cloud.svg)](https://cloud.oracle.com/resourcemanager/stacks/create?zipUrl=https://github.com/oracle-quickstart/oci-hpc-oke/releases/download/v24.7.1/oke-rdma-quickstart-v24.7.1.zip)
 For the image ID, use the ID of the image that you imported in the previous step.
@@ -49,6 +49,23 @@ NAME STATUS ROLES AGE VERSION
 10.0.96.82 Ready node 2d23h v1.25.6
 ```
+### Add a Service Account Authentication Token (optional but recommended)
+More info [here.](https://docs.oracle.com/en-us/iaas/Content/ContEng/Tasks/contengaddingserviceaccttoken.htm)
+
+```
+kubectl -n kube-system create serviceaccount kubeconfig-sa
+
+kubectl create clusterrolebinding add-on-cluster-admin --clusterrole=cluster-admin --serviceaccount=kube-system:kubeconfig-sa
+
+kubectl apply -f https://raw.githubusercontent.com/oracle-quickstart/oci-hpc-oke/main/manifests/oke-kubeconfig-sa-token.yaml
+
+TOKEN=$(kubectl -n kube-system get secret oke-kubeconfig-sa-token -o jsonpath='{.data.token}' | base64 --decode)
+
+kubectl config set-credentials kubeconfig-sa --token=$TOKEN
+
+kubectl config set-context --current --user=kubeconfig-sa
+```
+
 ### Using the host RDMA network interfaces in manifests
 In order to use the RDMA interfaces on the host in your pods, you should have the below sections in your manifests:
diff --git a/manifests/oke-kubeconfig-sa-token.yaml b/manifests/oke-kubeconfig-sa-token.yaml
new file mode 100644
index 0000000..461ac4a
--- /dev/null
+++ b/manifests/oke-kubeconfig-sa-token.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: oke-kubeconfig-sa-token
+ namespace: kube-system
+ annotations:
+ kubernetes.io/service-account.name: kubeconfig-sa
+type: kubernetes.io/service-account-token
\ No newline at end of file
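Review bot: This Secret of type `kubernetes.io/service-account-token` gives `kubeconfig-sa` a long-lived token with no expiry of its own, and the README hunk in the same commit binds that account to `cluster-admin`, so the value copied into the kubeconfig is a standing cluster-wide admin credential; nothing in the manifest says so. I would add a header comment along the lines of `# Long-lived token for kubeconfig-sa, which the README binds to cluster-admin; delete this Secret to revoke it`, and bind a narrower ClusterRole where full admin is not required. The README applies this file from the mutable `main` branch while the stack zip is pinned to `v24.7.1`, so what gets created in `kube-system` can change after this review; pointing the URL at the release tag would keep the two in step. The file also ends without a trailing newline.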