From 49a6516b86c41f29ed55f5ea532cf6248bc5226f Mon Sep 17 00:00:00 2001
From: Thomas Philipona <thomas@tim-koko.ch>
Date: Sun, 31 May 2026 12:36:58 +0200
Subject: [PATCH] Add functionality to directly use tokenfile instead of token,
 due to rotation

---
 build/bashrc               | 6 +++++-
 build/create_kubeconfig.sh | 6 +++++-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/build/bashrc b/build/bashrc
index 10ac235..12d65de 100644
--- a/build/bashrc
+++ b/build/bashrc
@@ -21,7 +21,11 @@ export PATH="$KREW_ROOT/bin:$PATH"
 
 if [ ! -f "$HOME/.kube/config" ]; then
   kubectl config set-cluster local --server="https://kubernetes.default" --certificate-authority "/run/secrets/kubernetes.io/serviceaccount/ca.crt"
-  kubectl config set-credentials local --token="$(cat /run/secrets/kubernetes.io/serviceaccount/token)"
+  if [ "${KUBECONFIG_USE_TOKENFILE:-false}" = "true" ]; then
+    kubectl config set-credentials local --token-file=/run/secrets/kubernetes.io/serviceaccount/token
+  else
+    kubectl config set-credentials local --token="$(cat /run/secrets/kubernetes.io/serviceaccount/token)"
+  fi
   kubectl config set-context local --cluster "local" --user "local"
   kubectl config set-context local --namespace="${KUBECONFIG_NAMESPACE:-$USER}"
   kubectl config use-context local
diff --git a/build/create_kubeconfig.sh b/build/create_kubeconfig.sh
index 0d594fc..d267438 100755
--- a/build/create_kubeconfig.sh
+++ b/build/create_kubeconfig.sh
@@ -31,5 +31,9 @@ preferences: {}
 users:
 - name: ${KUBECONFIG_USERNAME}
   user:
-    token: ${TOKEN}
+$(if [ "${KUBECONFIG_USE_TOKENFILE:-false}" = "true" ]; then
+    echo "    tokenFile: /run/secrets/kubernetes.io/serviceaccount/token"
+  else
+    echo "    token: ${TOKEN}"
+  fi)
 EOF
\ No newline at end of file