Harold Delgado Planco
Reputation: 11
CA Certificate and JWT tokens on kubernetes
With what CA Certificate are the Kubernetes Service Account JWT tokens signed with? Is there a way to get the public key with which kubernetes service accounts are signed in GKE?
Upvotes: 1
Views: 1268
Answers (1)
Janos Lenart
Reputation: 27100
You have no access to that key in GKE.
In general, the Service Account JWT tokens are signed with an RSA key by the controller manager. The key is specified by the --service-account-private-key-file for kube-controller-manager. (The public key is specified by the --service-account-key-file parameter for kube-apiserver.)
Upvotes: 1
Related Questions
- How do I obtain Kubernetes CA Certificate?
- How to use Kubernetes SSL certificates
- Store KOPS CA key and certificate in Vault
- Vault Kubernetes Authentication
- What is a JWT Issuer?
- Kubernetes user authentication with certificate
- Kubernetes: Populate certificates into keystores
- Certificates for services
- How to verify Kubernetes service account token (JWT)
- Kubernetes on localhost: setup certificates