kubernetes上的CA证书和JWT令牌 [英] CA Certificate and JWT tokens on kubernetes
问题描述
Kubernetes服务帐户JWT令牌使用什么CA证书签名?有没有办法获取在GKE中用来签名kubernetes服务帐户的公钥?
With what CA Certificate are the Kubernetes Service Account JWT tokens signed with? Is there a way to get the public key with which kubernetes service accounts are signed in GKE?
推荐答案
您无法在GKE中访问该密钥.
You have no access to that key in GKE.
通常,服务帐户JWT令牌由控制器管理器使用RSA密钥签名.密钥由kube-controller-manager
的--service-account-private-key-file
指定. (公用密钥由kube-apiserver
的--service-account-key-file
参数指定.)
In general, the Service Account JWT tokens are signed with an RSA key by the controller manager. The key is specified by the --service-account-private-key-file
for kube-controller-manager
. (The public key is specified by the --service-account-key-file
parameter for kube-apiserver
.)
这篇关于kubernetes上的CA证书和JWT令牌的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!