How can I authenticate a pod from another pod? I see I can use service accounts to authenticate to the api server, but what if I want to leverage the same authentication process when calling another pod?
I want to be able to securely identify which pod is calling another pod.
What you use is the TokenReview API. You would take the ServiceAccount token from one pod and send it over to the other. They would then start a TokenReview to verify the JWT. If you extract the public half of the signing key, you can also use that to verify JWT signatures directly (details of that depend on how you deploy and manage k8s). As mentioned in the comment, most service mesh tools also offer this, usually via TLS.