Add serviceAccount CredentialsSource #93


angelbarrera92

Signed-off-by: Barrera, Angel [email protected]

Description of your changes

Fixes #89

I have:

  • Read and followed Crossplane's [contribution process].
  • Run make reviewable test to ensure this PR is ready for review.

How has this code been tested

WIP

@angelbarrera92 angelbarrera92 force-pushed the add-serviceaccount-credentials-v2 branch from bd9ad18 to 227b880 Compare January 21, 2023 15:52
@angelbarrera92
Author

angelbarrera92 commented Jan 26, 2023

Any chance of getting help to test this PR locally?

  1. It does not work in macOS :( Every time I work on this, I have to switch to my beloved laptop.
  2. I've posted a thread in the crossplane slack, #dev channel. No luck :(

Then, here are my doubts:

The Go binary (kubernetes-provider) requires at least a few grants (RBAC), right? I mean, the provider requires at least permissions to GET ProviderConfig, right?
https://github.com/crossplane-contrib/provider-kubernetes/blob/main/internal/controller/object/object.go#L136

I know how to manage this by running it inside the Kubernetes cluster (with the ControllerConfig):

---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: crossplane-kubernetes-controller
  namespace: crossplane-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: crossplane-kubernetes-controller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: crossplane-kubernetes-controller
  namespace: crossplane-system
---
apiVersion: pkg.crossplane.io/v1alpha1
kind: ControllerConfig
metadata:
  name: kubernetes-controller-config
spec:
  serviceAccountName: crossplane-kubernetes-controller
  args:
  - --debug
---
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
  name: provider-kubernetes
spec:
  package: xpkg.upbound.io/crossplane-contrib/provider-kubernetes:v0.5.0
  controllerConfigRef:
    name: kubernetes-controller-config

But I don't get how it works from outside the cluster, any guidance on this topic?

2023-01-21T16:45:22.532+0100    DEBUG   events  Warning {"object": {"kind":"Object","name":"sample-namespace","uid":"ec19b058-b643-4957-b371-cedcb26f90fb","apiVersion":"kubernetes.crossplane.io/v1alpha1","resourceVersion":"3509"}, "reason": "CannotConnectToProvider", "message": "cannot get ProviderConfig: ProviderConfig.kubernetes.crossplane.io \"my-kubernetes-provider\" not found"}
$ kubectl get ProviderConfig.kubernetes.crossplane.io
NAME                     AGE
my-provider-kubernetes   28m

@turkenh
Collaborator

turkenh commented Sep 22, 2023

@angelbarrera92 really sorry that I missed this 😞

In case you're still interested, you can follow the steps here to build/publish a package image with your local changes and then install it just like a regular package.

apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
  name: provider-kubernetes
spec:
  package: <your-dockerhub-org>/provider-kubernetes:v<version>

Please let me know if you're still interested in pushing this change further 🙏

@turkenh
Collaborator

turkenh commented Oct 25, 2023

@angelbarrera92, are you still planning to work on this? Otherwise, I would suggest closing this PR so as not to signal there is a WIP on the topic.

@maximilianbraun
Contributor

I think we'd have some capacity to continue the work. //cc: @angelbarrera92

@turkenh
Collaborator

turkenh commented Feb 8, 2024

Closing as stale, feel free to reopen another one once you could start working again 🙏

@turkenh turkenh closed this Feb 8, 2024
Development

Successfully merging this pull request may close these issues.

ServiceAccount as CredentialsSource
3 participants