[patch] Switch Prometheus SA token creation from oc cli to ansible module

ibm/mas_devops/roles/grafana/tasks/install/main.yml

@@ -84,17 +84,17 @@
 # As per https://docs.openshift.com/container-platform/4.8/monitoring/enabling-monitoring-for-user-defined-projects.html#enabling-monitoring-for-user-defined-projects
 # use the external thanos url
 
+- name: Get prometheus secret
+  kubernetes.core.k8s_info:
+    api_version: v1
+    kind: Secret
+    name: prometheus-serviceaccount-token
+    namespace: "{{ grafana_v5_namespace }}"
+  register: prometheus_secret
 
-- name: Create the prometheus token
-  shell: "oc create token prometheus-serviceaccount -n {{ grafana_namespace }} --duration=4294967296s"
-  register: prometheus_token_resp
-  retries: 10
-  delay: 30 # seconds
-  until: prometheus_token_resp.rc == 0
-
-- name: Get prometheus token
+- name: Decode and retrieve prometheus token from secret
   set_fact:
-    prometheus_token: "{{prometheus_token_resp.stdout_lines | first}}"
+    prometheus_token: "{{ prometheus_secret.resources[0].data.token |  b64decode }}"
 
 - name: "install : Get Thanos Querier route in openshift-monitoring namespace"
   kubernetes.core.k8s_info:

ibm/mas_devops/roles/grafana/templates/grafana/v5/grafana-prometheus-serviceaccount.yml.j2

@@ -5,6 +5,15 @@ metadata:
   name: prometheus-serviceaccount
   namespace: "{{ grafana_v5_namespace }}"
 ---
+kind: Secret
+apiVersion: v1
+metadata:
+  name: prometheus-serviceaccount-token
+  namespace: "{{ grafana_v5_namespace }}"
+  annotations:
+    kubernetes.io/service-account.name: prometheus-serviceaccount
+type: kubernetes.io/service-account-token
+---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata: