elotl / kip

Virtual-kubelet provider running pods in cloud instances
Apache License 2.0

Full support for projected volumes #113

Open ldx opened 4 years ago

ldx commented 4 years ago

Right now Kip only supports configmap and secret sources:

```go
// Projection that may be projected along with other supported volume types
type VolumeProjection struct {
    // all types below are the supported types for projection into the same volume

    // information about the secret data to project
    // +optional
    Secret *SecretProjection `json:"secret,omitempty"`
    // // information about the downwardAPI data to project
    // // +optional
    // DownwardAPI *DownwardAPIProjection `json:"downwardAPI,omitempty"`
    // information about the configMap data to project
    // +optional
    ConfigMap *ConfigMapProjection `json:"configMap,omitempty"`
    // information about the serviceAccountToken data to project
    // +optional
    //ServiceAccountToken *ServiceAccountTokenProjection `json:"serviceAccountToken,omitempty"`
}
```

Once service account token rotation is enabled, service accounts will be added to pods via a ServiceAccountToken projected volume source. Example:

```yaml
- name: kube-api-access-tz9tt
  projected:
    defaultMode: 420
    sources:
    - serviceAccountToken:
        expirationSeconds: 3600
        path: token
    - configMap:
        items:
        - key: ca.crt
          path: ca.crt
        name: kube-root-ca.crt
    - downwardAPI:
        items:
        - fieldRef:
            apiVersion: v1
            fieldPath: metadata.namespace
          path: namespace
```

So in-cluster API server access configuration will break for pods.

Currently, ServiceAccountTokenVolumeProjection is beta in 1.12 and enabled by passing all of the following flags to the API server:

We need to implement DownwardAPIProjection and ServiceAccountTokenVolumeProjection.
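As an added example (not Kip's code), a sketch of how a provider could render the two missing sources from a projected volume like the one above into file contents. It uses simplified local types in place of the k8s.io/api ones, a hypothetical `TokenIssuer` callback standing in for the TokenRequest API call, and a `podFields` map supplying the fieldRef values the provider supports; item paths are validated because they come straight from the pod spec.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// Local simplifications of the k8s.io/api projection types (assumption, so the
// example runs offline); TokenIssuer stands in for the TokenRequest API call.
type DownwardAPIProjection struct{ Items []struct{ FieldPath, Path string } }
type ServiceAccountTokenProjection struct {
	ExpirationSeconds int64
	Path              string
}
type VolumeProjection struct {
	DownwardAPI         *DownwardAPIProjection
	ServiceAccountToken *ServiceAccountTokenProjection
}
type TokenIssuer func(expirySeconds int64) (string, error)

// ProjectSources renders downwardAPI and serviceAccountToken sources into relative
// path -> content, refusing item paths (they come from the pod spec) that leave the volume.
func ProjectSources(src []VolumeProjection, podFields map[string]string, issue TokenIssuer) (map[string]string, error) {
	files := map[string]string{}
	for _, s := range src {
		if s.DownwardAPI != nil {
			for _, it := range s.DownwardAPI.Items {
				v, ok := podFields[it.FieldPath]
				if !ok {
					return nil, fmt.Errorf("unsupported fieldRef %q", it.FieldPath)
				}
				files[path.Clean(it.Path)] = v
			}
		}
		if t := s.ServiceAccountToken; t != nil {
			tok, err := issue(t.ExpirationSeconds)
			if err != nil {
				return nil, err
			}
			files[path.Clean(t.Path)] = tok
		}
	}
	for p := range files {
		if path.IsAbs(p) || p == "." || p == ".." || strings.HasPrefix(p, "../") {
			return nil, fmt.Errorf("path %q escapes the volume", p)
		}
	}
	return files, nil
}
```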