feat: support Kubernetes service discovery

[lzxuan]

Primarily to support client.token_file in APISIX's Kubernetes service discovery configuration.

[tao12345666333]

thanks, if you create sa, then you need add RBAC for it. Right?

[tokers]

Is anything special for this ServiceAccount? I don't see the role binding for it.

[tao12345666333]

it also need to be added.

[lzxuan]

@tao12345666333 For the case of Kubernetes service discovery, yeah, ClusterRole and ClusterRoleBinding are also needed. If we are going into this use case specifically, I'll need to update the title of this PR together with the RBAC. Thanks

[lzxuan]

@tokers I'll update the necessary RBAC resources to support Kubernetes service discovery. Thanks!

[lzxuan]

@tao12345666333 @tokers Sorry for the late update, been busy recently. I've updated the necessary RBAC resources.

[lzxuan]

@tokers Is it better if we specify the cluster role rules in values.yaml? Like so: And use .serviceAccount.create as the only flag to determine whether to create cluster role and binding?

[tokers]

@tokers Is is better if we specify the cluster role rules in values.yaml? Like so: And use .serviceAccount.create as the only flag to determine whether to create cluster role and binding?

IMHO I didn't see any project do this. The permission for APISIX is certain. We may don't need to let users to customize it.

[lzxuan]

@tokers Is is better if we specify the cluster role rules in values.yaml? Like so: And use .serviceAccount.create as the only flag to determine whether to create cluster role and binding?

IMHO I didn't see any project do this. The permission for APISIX is certain. We may don't need to let users to customize it.

Fair enough. I didn't see any project do this either. Thanks for the input!