From c525337d871bd0c15f2eba3efd97202391dc961a Mon Sep 17 00:00:00 2001
From: biondizzle
Date: Thu, 11 Dec 2025 04:52:08 -0500
Subject: [PATCH] better examples and tests
---
 README.md | 12 +-----------
 example.yaml | 41 +++++++++++++++++++++++++++++++++++++++++
 test-webhook.yaml | 19 +++++++++++++++++++
 3 files changed, 61 insertions(+), 11 deletions(-)
 create mode 100644 example.yaml
 create mode 100644 test-webhook.yaml
diff --git a/README.md b/README.md
index 96c0aab..af61e38 100644
--- a/README.md
+++ b/README.md
@@ -29,6 +29,7 @@ When a pod is created, the webhook:
 - Kubernetes 1.20+ (for projected service account tokens)
 - `kubectl` configured to access your cluster
+ - Deploy a VKE cluster and do `export KUBECONFIG=~/Downloads/vke-64c243de-eb0b-4084-93ae-6c386bef8978.yaml`
 - OpenSSL (for certificate generation)
 - Go 1.24+ (for building from source)
@@ -255,14 +256,3 @@ go build -o webhook main.go
 │ (Get SA) │
 └────────────┘
 ```
-
-## License
-
-MIT
-
-## Contributing
-
-Contributions welcome! Please ensure:
-- Code follows Go best practices
-- Add tests for new functionality
-- Update documentation as needed
\ No newline at end of file
diff --git a/example.yaml b/example.yaml
new file mode 100644
index 0000000..cec7796
--- /dev/null
+++ b/example.yaml
@@ -0,0 +1,41 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: example-app
+ namespace: default
+ annotations:
+ # Replace with actual IAM role ARN
+ vultr.com/role-arn: "arn:aws:iam::123456789012:role/example-app-role"
+---
+apiVersion: v1
+kind: Pod
+metadata:
+ name: example-app
+ namespace: default
+spec:
+ serviceAccountName: example-app
+ containers:
+ - name: aws-cli
+ image: amazon/aws-cli:latest
+ command:
+ - /bin/bash
+ - -c
+ - |
+ echo "Testing IRSA configuration..."
+ echo ""
+ echo "Environment variables:"
+ env | grep AWS
+ echo ""
+ echo "Token file contents:"
+ ls -la /var/run/secrets/vultr.com/serviceaccount/
+ echo ""
+ echo "Token (first 50 chars):"
+ head -c 50 /var/run/secrets/vultr.com/serviceaccount/token
+ echo ""
+ echo ""
+ echo "Attempting to assume role..."
+ aws sts get-caller-identity || echo "Failed to get caller identity (expected if IAM role trust is not configured)"
+ echo ""
+ echo "Sleeping for 1 hour..."
+ sleep 3600
+ restartPolicy: Never
\ No newline at end of file
diff --git a/test-webhook.yaml b/test-webhook.yaml
new file mode 100644
index 0000000..daea0b2
--- /dev/null
+++ b/test-webhook.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: test-irsa
+ namespace: default
+ annotations:
+ vultr.com/role-arn: "arn:aws:iam::123456789012:role/test-role"
+---
+apiVersion: v1
+kind: Pod
+metadata:
+ name: test-pod
+ namespace: default
+spec:
+ serviceAccountName: test-irsa
+ containers:
+ - name: busybox
+ image: busybox
+ command: ["sh", "-c", "env | grep AWS && ls -la /var/run/secrets/vultr.com/serviceaccount/ && sleep 3600"]
\ No newline at end of file
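Review bot: The container script in example.yaml writes the start of the projected token to stdout with `head -c 50 /var/run/secrets/vultr.com/serviceaccount/token`, so token material lands in pod logs and in any log pipeline that collects them. For a JWT those bytes are probably only part of the header, but examples get copied and lengthened, and a presence check proves the same thing: `test -s /var/run/secrets/vultr.com/serviceaccount/token && echo "token file present"`. The broad `env | grep AWS` would also print static keys if a pod carries them. Assuming the webhook injects the standard variables, `env | grep -E '^AWS_(ROLE_ARN|WEB_IDENTITY_TOKEN_FILE)='` limits the output to the non-secret ones.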
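Review bot: `image: busybox` in test-webhook.yaml has no tag, so it resolves to `latest` and the pod runs whatever the registry serves at pull time; `image: amazon/aws-cli:latest` in example.yaml has the same problem. Both pods mount a service-account token that is meant to be exchanged for an IAM role, so the images should be pinned to a fixed version or digest, e.g. `image: busybox@sha256:<PINNED_DIGEST>` (placeholder value). The test pod also sets no `restartPolicy`, so the default `Always` applies and the container restarts after `sleep 3600`. example.yaml uses `restartPolicy: Never`, and the test pod should add the same line if a one-shot run is intended.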