step-issuer uses the default ServiceAccount of the namespace where it's installed. However, in some hardened environments the default service account may not have the token mounted, as it will have disabled automountServiceAccountToken. Where this is the case, the kube-rbac-proxy won't be able to start as it needs a ServiceAccount that can be authenticated
This PR adds a service account in the same way in the same way in which helm create generates for new charts
step-issueruses the default ServiceAccount of the namespace where it's installed. However, in some hardened environments the default service account may not have the token mounted, as it will have disabledautomountServiceAccountToken. Where this is the case, thekube-rbac-proxywon't be able to start as it needs a ServiceAccount that can be authenticatedThis PR adds a service account in the same way in the same way in which
helm creategenerates for new charts