docs: locally run with a specific ServiceAccount

Signed-off-by: Víctor Cuadrado Juan <[email protected]>
kubewarden · Jul 24, 2023 · 591c154 · 591c154
1 parent 12810e1
commit 591c154
Showing 1 changed file with 27 additions and 2 deletions.
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -5,7 +5,7 @@ PolicyReports CRDs. And the audit feature is disabled by default.
 
 Then:
 
-``` console
+```console
 kubectl port-forward -n kubewarden service/policy-server-default 3000:8443
 
 ./bin/audit-scanner \
@@ -16,9 +16,34 @@ kubectl port-forward -n kubewarden service/policy-server-default 3000:8443
 
 or to get results in JSON:
 
-``` console
+```console
 ./bin/audit-scanner \
   -k kubewarden --namespace default \
   --policy-server-url https://localhost:3000 \
   -l debug --print
 ```
+
+### Run against audit-scanner SA
+
+To run with the `audit-scanner` ServiceAccount, install `kubewarden-controller`
+chart, and, with the help of the kubectl [view-serviceaccount-kubeconfig](https://github.com/superbrothers/kubectl-view-serviceaccount-kubeconfig-plugin)
+plugin:
+
+```console
+kubectl create token audit-scanner -n kubewarden | kubectl view-serviceaccount-kubeconfig > ./kubeconfig
+```
+
+If needed, patch the resulting kubeconfig, adding the missing
+`certificate-authority`. E.g:
+
+```yaml
+clusters:
+- cluster:
+  certificate-authority: /home/vic/.minikube/ca.crt
+```
+
+And use it:
+
+```console
+export KUBECONFIG=./kubeconfig
+```