Service Account Tokens & KEP-2799
Hi!
Now that Kubernetes no longer automatically generates secret-based service account tokens upon creation of a service account, I am wondering what your opinion is of utilizing the TokenRequest API in the Environment Controller to obtain tokens instead of reading them from the no-longer-autogenerated secret. Since reading from a secret would no longer be required, I was also thinking the token could be cached in memory (similar to how vault tokens are cached) and only renewed be when necessary.
If that sounds good, I'd be happy to contribute. I've already started on some of the work but wanted to get your opinion before going too far with it.
Edited by Nick Hankins