From cf794d0a93758161e3bb39278f6542c4c7dced40 Mon Sep 17 00:00:00 2001
From: Shihang Zhang <zshihang@google.com>
Date: Wed, 23 Feb 2022 15:52:31 -0800
Subject: [PATCH] wait for default service account instead of its token

---
 cluster/addons/addon-manager/Makefile            |  2 +-
 cluster/addons/addon-manager/kube-addons-main.sh | 14 +++++---------
 2 files changed, 6 insertions(+), 10 deletions(-)

diff --git a/cluster/addons/addon-manager/Makefile b/cluster/addons/addon-manager/Makefile
index 7564048475d..43c14ed1690 100644
--- a/cluster/addons/addon-manager/Makefile
+++ b/cluster/addons/addon-manager/Makefile
@@ -15,7 +15,7 @@
 IMAGE=gcr.io/k8s-staging-addon-manager/kube-addon-manager
 ARCH?=amd64
 TEMP_DIR:=$(shell mktemp -d)
-VERSION=v9.1.5
+VERSION=v9.1.6
 KUBECTL_VERSION?=v1.20.2
 
 BASEIMAGE=k8s.gcr.io/debian-base-$(ARCH):v1.0.1
diff --git a/cluster/addons/addon-manager/kube-addons-main.sh b/cluster/addons/addon-manager/kube-addons-main.sh
index 1087cd49902..7ae2d5669cd 100755
--- a/cluster/addons/addon-manager/kube-addons-main.sh
+++ b/cluster/addons/addon-manager/kube-addons-main.sh
@@ -35,18 +35,14 @@ fi
 log INFO "== Kubernetes addon manager started at $(date -Is) with ADDON_CHECK_INTERVAL_SEC=${ADDON_CHECK_INTERVAL_SEC} =="
 
 # Wait for the default service account to be created in the kube-system namespace.
-token_found=""
-while [ -z "${token_found}" ]; do
+# shellcheck disable=SC2086
+# Disabling because "${KUBECTL_OPTS}" needs to allow for expansion here
+while ! ${KUBECTL} ${KUBECTL_OPTS} get --namespace="${SYSTEM_NAMESPACE}" serviceaccount default; do
+  log WRN "== Error getting default service account, retry in 0.5 second =="
   sleep 0.5
-  # shellcheck disable=SC2086
-  # Disabling because "${KUBECTL_OPTS}" needs to allow for expansion here
-  if ! token_found=$(${KUBECTL} ${KUBECTL_OPTS} get --namespace="${SYSTEM_NAMESPACE}" serviceaccount default -o go-template="{{with index .secrets 0}}{{.name}}{{end}}"); then
-    token_found="";
-    log WRN "== Error getting default service account, retry in 0.5 second =="
-  fi
 done
 
-log INFO "== Default service account in the ${SYSTEM_NAMESPACE} namespace has token ${token_found} =="
+log INFO "== Default service account in the ${SYSTEM_NAMESPACE} namespace =="
 
 # Create admission_control objects if defined before any other addon services. If the limits
 # are defined in a namespace other than default, we should still create the limits for the