Update KubeVirt Windows VM

Add ClusterRoleBinding to YAML declaration
Remove annotation
Add EOF
Patchset 2 update (remove ClusterRoleBinding)
Patchset 2 update (edit Set up remote management of VMs)
Patchset 2 update (add secret to other ClusterRoleBindings)
Patchset 5 updates
Patchset 6 updates

Signed-off-by: Ron Stone <ronald.stone@windriver.com>
Change-Id: I11e63f97c82f4cb3e92403e8a8423d892e3160a3

doc/source/deploy_install_guides/r7_release/kubernetes_access.rst

@@ -146,6 +146,15 @@ controller-0:
       name: admin-user
       namespace: kube-system
     ---
+    apiVersion: v1
+    kind: Secret
+    type: kubernetes.io/service-account-token
+    metadata:
+      name: admin-user-sa-token
+      namespace: kube-system
+      annotations:
+        kubernetes.io/service-account.name: admin-user
+    ---
     apiVersion: rbac.authorization.k8s.io/v1
     kind: ClusterRoleBinding
     metadata:

doc/source/kube-virt/create-a-windows-vm-82957181df02.rst

@@ -116,7 +116,8 @@ network. Finally, RDP to the |VM| from a remote workstation.
              - name: myrootdisk
                dataVolume:
                  name: stx-lab-winserv-test-disk
-      
+      EOF
+
 #. Apply the configuration.
 
    .. code-block::

doc/source/security/kubernetes/configure-remote-helm-client-for-non-admin-users.rst

@@ -40,6 +40,15 @@ applications with a Helm v2 chart.
               name: admin-user
               namespace: kube-system
             ---
+            apiVersion: v1
+            kind: Secret
+            type: kubernetes.io/service-account-token
+            metadata:
+              name: admin-user-sa-token
+              namespace: kube-system
+              annotations:
+                kubernetes.io/service-account.name: admin-user
+            ---
             apiVersion: rbac.authorization.k8s.io/v1
             kind: ClusterRoleBinding
             metadata:

doc/source/security/kubernetes/create-an-admin-type-service-account.rst

@@ -34,6 +34,15 @@ an admin service account with cluster-admin role, use the following procedure:
           name: admin-user
           namespace: kube-system
         ---
+        apiVersion: v1
+        kind: Secret
+        type: kubernetes.io/service-account-token
+        metadata:
+          name: admin-user-sa-token
+          namespace: kube-system
+          annotations:
+            kubernetes.io/service-account.name: admin-user
+        ---
         apiVersion: rbac.authorization.k8s.io/v1
         kind: ClusterRoleBinding
         metadata:
@@ -69,4 +78,4 @@ an admin service account with cluster-admin role, use the following procedure:
     |prod| can also use user accounts defined in an external Windows Active
     Directory to authenticate Kubernetes API, :command:`kubectl` CLI or the
     Kubernetes Dashboard. For more information, see :ref:`Configure OIDC
-    Auth Applications <configure-oidc-auth-applications>`.
+    Auth Applications <configure-oidc-auth-applications>`.

doc/source/security/kubernetes/private-namespace-and-restricted-rbac.rst

@@ -109,6 +109,15 @@ with read/write type access to a single private namespace
               name: dave-user
               namespace: kube-system
             ---
+            apiVersion: v1
+            kind: Secret
+            type: kubernetes.io/service-account-token
+            metadata:
+              name: dave-user-sa-token
+              namespace: kube-system
+              annotations:
+                kubernetes.io/service-account.name: dave-user
+            ---
             apiVersion: rbac.authorization.k8s.io/v1
             kind: RoleBinding
             metadata:

doc/source/security/kubernetes/security-configure-container-backed-remote-clis-and-clients.rst

@@ -100,6 +100,15 @@ CLIs and Clients for an admin user with cluster-admin clusterrole.
               name: ${USER}
               namespace: kube-system
             ---
+            apiVersion: v1
+            kind: Secret
+            type: kubernetes.io/service-account-token
+            metadata:
+              name: ${USER}-sa-token
+              namespace: kube-system
+              annotations:
+                kubernetes.io/service-account.name: ${USER}
+            ---
             apiVersion: rbac.authorization.k8s.io/v1
             kind: ClusterRoleBinding
             metadata:

doc/source/shared/_includes/install-kubectl-and-helm-clients-directly-on-a-host-6383c5f2b484.rest

@@ -15,6 +15,15 @@
               name: kubernetes-admin
               namespace: kube-system
             ---
+            apiVersion: v1
+            kind: Secret
+            type: kubernetes.io/service-account-token
+            metadata:
+              name: kubernetes-admin-sa-token
+              namespace: kube-system
+              annotations:
+                kubernetes.io/service-account.name: kubernetes-admin
+            ---
             apiVersion: rbac.authorization.k8s.io/v1
             kind: ClusterRoleBinding
             metadata: