kubernetes上的CA证书和JWT令牌 [英] CA Certificate and JWT tokens on kubernetes

问题描述

Kubernetes服务帐户JWT令牌使用什么CA证书签名?有没有办法获取在GKE中用来签名kubernetes服务帐户的公钥?

With what CA Certificate are the Kubernetes Service Account JWT tokens signed with? Is there a way to get the public key with which kubernetes service accounts are signed in GKE?

推荐答案

您无法在GKE中访问该密钥.

You have no access to that key in GKE.

通常，服务帐户JWT令牌由控制器管理器使用RSA密钥签名.密钥由kube-controller-manager的--service-account-private-key-file指定. (公用密钥由kube-apiserver的--service-account-key-file参数指定.)

In general, the Service Account JWT tokens are signed with an RSA key by the controller manager. The key is specified by the --service-account-private-key-file for kube-controller-manager. (The public key is specified by the --service-account-key-file parameter for kube-apiserver.)

这篇关于kubernetes上的CA证书和JWT令牌的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！