From aeb4a4a1e9aeb9957d6d7e75e97227781d84b78b Mon Sep 17 00:00:00 2001
From: Ariel Rolfo <arielr-lt+username@users.noreply.github.com>
Date: Mon, 11 May 2026 16:27:10 -0300
Subject: [PATCH] Mount Argo token in sandbox app pods

---
 .../eks/k8s-manifests-sandbox/app-deployment.yaml | 13 +++++++++++++
 .../k8s-manifests-sandbox/worker-deployment.yaml  | 15 ++++++++++++++-
 2 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/terraform/environments/eks/k8s-manifests-sandbox/app-deployment.yaml b/terraform/environments/eks/k8s-manifests-sandbox/app-deployment.yaml
index a97c5505..cd3e4e95 100644
--- a/terraform/environments/eks/k8s-manifests-sandbox/app-deployment.yaml
+++ b/terraform/environments/eks/k8s-manifests-sandbox/app-deployment.yaml
@@ -38,8 +38,14 @@ spec:
           env:
             - name: NEW_RELIC_APP_NAME
               value: "Credential Engine Sandbox"
+            - name: ARGO_WORKFLOWS_TOKEN_PATH
+              value: "/var/run/secrets/argo-workflows/token"
           ports:
             - containerPort: 9292
+          volumeMounts:
+            - name: argo-workflows-token
+              mountPath: /var/run/secrets/argo-workflows
+              readOnly: true
           envFrom:
             - secretRef:
                 name: app-secrets # DB credentials, APP_KEY, etc.
@@ -52,6 +58,13 @@ spec:
             limits:
               cpu: "1000m"
               memory: "1024Mi"
+      volumes:
+        - name: argo-workflows-token
+          secret:
+            secretName: argo-workflows-token
+            items:
+              - key: token
+                path: token
 
 ---
 apiVersion: v1
diff --git a/terraform/environments/eks/k8s-manifests-sandbox/worker-deployment.yaml b/terraform/environments/eks/k8s-manifests-sandbox/worker-deployment.yaml
index 046705c4..3235f23e 100644
--- a/terraform/environments/eks/k8s-manifests-sandbox/worker-deployment.yaml
+++ b/terraform/environments/eks/k8s-manifests-sandbox/worker-deployment.yaml
@@ -38,6 +38,8 @@ spec:
               value: "Credential Engine Sandbox"
             - name: PATH
               value: "/app/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin"
+            - name: ARGO_WORKFLOWS_TOKEN_PATH
+              value: "/var/run/secrets/argo-workflows/token"
           command: ["/bin/bash","-lc"]
           args:
             - |
@@ -51,10 +53,21 @@ spec:
                 name: app-secrets
             - configMapRef:
                 name: main-app-config
+          volumeMounts:
+            - name: argo-workflows-token
+              mountPath: /var/run/secrets/argo-workflows
+              readOnly: true
           resources:
             requests:
               cpu: "256m"
               memory: "2Gi"            
             limits:
               cpu: "1000m"
-              memory: "2Gi"
\ No newline at end of file
+              memory: "2Gi"
+      volumes:
+        - name: argo-workflows-token
+          secret:
+            secretName: argo-workflows-token
+            items:
+              - key: token
+                path: token