a.yaml.yml

          echo $AZURE_OIDC_ISSUER_PUBLIC_KEY | base64 -d > sa.pub
          echo $AZURE_OIDC_ISSUER_PRIVATE_KEY | base64 -d > sa.key
          cat <<EOF | ./kind create cluster --name radius --config=-
          kind: Cluster
          apiVersion: kind.x-k8s.io/v1alpha4
          nodes:
          - role: control-plane
            extraMounts:
              - hostPath: ./sa.pub
                containerPath: /etc/kubernetes/pki/sa.pub
              - hostPath: ./sa.key
                containerPath: /etc/kubernetes/pki/sa.key
              - hostPath: ./ghcr_secret.json
                containerPath: /var/lib/kubelet/config.json
            kubeadmConfigPatches:
            - |
              kind: ClusterConfiguration
              apiServer:
                extraArgs:
                  service-account-issuer: $AZURE_OIDC_ISSUER
                  service-account-key-file: /etc/kubernetes/pki/sa.pub
                  service-account-signing-key-file: /etc/kubernetes/pki/sa.key
              controllerManager:
                extraArgs:
                  service-account-private-key-file: /etc/kubernetes/pki/sa.key
          EOF