From 591c154d17cbaab92728d2b4ef305609b96ed509 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=ADctor=20Cuadrado=20Juan?= Date: Mon, 24 Jul 2023 15:57:08 +0200 Subject: [PATCH] docs: locally run with a specific ServiceAccount MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Víctor Cuadrado Juan --- CONTRIBUTING.md | 29 +++++++++++++++++++++++++++-- 1 file changed, 27 insertions(+), 2 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 4466d79b..e87da912 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -5,7 +5,7 @@ PolicyReports CRDs. And the audit feature is disabled by default. Then: -``` console +```console kubectl port-forward -n kubewarden service/policy-server-default 3000:8443 ./bin/audit-scanner \ @@ -16,9 +16,34 @@ kubectl port-forward -n kubewarden service/policy-server-default 3000:8443 or to get results in JSON: -``` console +```console ./bin/audit-scanner \ -k kubewarden --namespace default \ --policy-server-url https://localhost:3000 \ -l debug --print ``` + +### Run against audit-scanner SA + +To run with the `audit-scanner` ServiceAccount, install `kubewarden-controller` +chart, and, with the help of the kubectl [view-serviceaccount-kubeconfig](https://github.com/superbrothers/kubectl-view-serviceaccount-kubeconfig-plugin) +plugin: + +```console +kubectl create token audit-scanner -n kubewarden | kubectl view-serviceaccount-kubeconfig > ./kubeconfig +``` + +If needed, patch the resulting kubeconfig, adding the missing +`certificate-authority`. E.g: + +```yaml +clusters: +- cluster: + certificate-authority: /home/vic/.minikube/ca.crt +``` + +And use it: + +```console +export KUBECONFIG=./kubeconfig +```
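Review bot: In the new "Run against audit-scanner SA" section, the `kubectl create token audit-scanner -n kubewarden | kubectl view-serviceaccount-kubeconfig > ./kubeconfig` step writes a live ServiceAccount bearer token into `./kubeconfig` in the current directory, which per the `./bin/audit-scanner` invocations above is the repository checkout, and the section says nothing about keeping that file out of version control or about the token being time-limited. Suggest writing the file outside the working tree (or adding it to `.gitignore`), restricting its permissions to the current user, and stating that the token expires so the command has to be re-run once requests start failing authentication. The `certificate-authority: /home/vic/.minikube/ca.crt` example is a path from one developer's machine; a placeholder such as `<path-to-cluster-ca.crt>`, with a remark that the value shown is where minikube keeps its CA, would be easier for other contributors to adapt. `export KUBECONFIG=./kubeconfig` is a relative path, so it stops resolving as soon as the shell changes directory; an absolute path avoids that. It would also help to say what this section is for, namely checking that the scanner works with the permissions granted to the `audit-scanner` ServiceAccount rather than with the developer's own credentials, if that is the intent.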