Kubernetes service account - token signature validation

4/14/2020

In any given pod, the service account token is mounted at this location:

/var/run/secrets/kubernetes.io/serviceaccount/token

I want to understand how this token is signed. What keys are used by Kubernetes while signing this token? How can I get access to the public key so that I can do offline signature validation?

/var/run/secrets/kubernetes.io/serviceaccount/ca.crt - I tried signature validation with the public key associated with this certificate. This does not seem to work.

Appreciate any help on this.

-- Milind Torney
kubernetes

1 Answer

4/14/2020

You can check the service account key file in the kube-apiserver pod's YAML file. There is a flag:

 --service-account-key-file=/etc/kubernetes/pki/sa.pub

On the master node, check the /etc/kubernetes/pki directory.

-- hoque
Source: StackOverflow
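Worked example (added here; not part of the question or answer above). The reason validating against ca.crt fails is that the cluster CA key and the service account signing key are two different key pairs: the controller manager signs the token with the private key given by --service-account-private-key-file (sa.key on a kubeadm cluster), and the API server verifies it with the matching public key from --service-account-key-file (sa.pub), which is a PEM "PUBLIC KEY" (PKIX) block. The legacy mounted token is a plain RS256 JWT with issuer "kubernetes/serviceaccount", so any standard JWT verifier given sa.pub will accept it. The Go program below, which uses only the standard library, mints such a token with a freshly generated key standing in for sa.key, verifies it with the PEM form of that key standing in for sa.pub, and shows that an unrelated key (playing the role of the key behind ca.crt) is rejected. The keys, namespace and service account name are constructed for the demo; on a real cluster you would pass the bytes of /etc/kubernetes/pki/sa.pub and the mounted token instead.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"encoding/json"
	"encoding/pem"
	"fmt"
	"strings"
)

// b64 is the unpadded base64url alphabet JWTs use (RFC 7515).
var b64 = base64.RawURLEncoding

// signSAToken mints a legacy-style service account JWT (RS256) with priv,
// standing in for what kube-controller-manager does with sa.key.
func signSAToken(priv *rsa.PrivateKey, namespace, name string) (string, error) {
	hb, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT"})
	cb, _ := json.Marshal(map[string]string{
		"iss":                                    "kubernetes/serviceaccount",
		"kubernetes.io/serviceaccount/namespace": namespace,
		"sub":                                    "system:serviceaccount:" + namespace + "/" + name,
	})
	signingInput := b64.EncodeToString(hb) + "." + b64.EncodeToString(cb)
	digest := sha256.Sum256([]byte(signingInput))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return signingInput + "." + b64.EncodeToString(sig), nil
}

// decodeSegment base64url-decodes one JWT segment and unmarshals its JSON.
func decodeSegment(seg string, v interface{}) error {
	raw, err := b64.DecodeString(seg)
	if err != nil {
		return err
	}
	return json.Unmarshal(raw, v)
}

// verifySAToken validates token's RS256 signature against a PEM public key in
// the format kube-apiserver reads via --service-account-key-file (a PKIX
// "PUBLIC KEY" block such as sa.pub) and returns the claims only on success.
func verifySAToken(pubPEM []byte, token string) (map[string]interface{}, error) {
	block, _ := pem.Decode(pubPEM)
	if block == nil || block.Type != "PUBLIC KEY" {
		return nil, fmt.Errorf("expected a PEM PUBLIC KEY block")
	}
	key, err := x509.ParsePKIXPublicKey(block.Bytes)
	if err != nil {
		return nil, err
	}
	pub, ok := key.(*rsa.PublicKey)
	if !ok {
		return nil, fmt.Errorf("not an RSA public key")
	}
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, fmt.Errorf("malformed JWT: want 3 segments, got %d", len(parts))
	}
	// Pin the algorithm: never let the token choose "none" or an HMAC alg.
	var header struct{ Alg string `json:"alg"` }
	if err := decodeSegment(parts[0], &header); err != nil || header.Alg != "RS256" {
		return nil, fmt.Errorf("bad header (alg %q): %v", header.Alg, err)
	}
	sig, err := b64.DecodeString(parts[2])
	if err != nil {
		return nil, err
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig); err != nil {
		return nil, fmt.Errorf("signature invalid: %w", err)
	}
	var claims map[string]interface{}
	if err := decodeSegment(parts[1], &claims); err != nil {
		return nil, err
	}
	return claims, nil
}

// pubKeyPEM renders an RSA public key the way sa.pub is stored on disk.
func pubKeyPEM(pub *rsa.PublicKey) []byte {
	der, _ := x509.MarshalPKIXPublicKey(pub)
	return pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: der})
}

func main() {
	saKey, _ := rsa.GenerateKey(rand.Reader, 2048)    // constructed stand-in for sa.key/sa.pub
	otherKey, _ := rsa.GenerateKey(rand.Reader, 2048) // constructed stand-in for the unrelated key behind ca.crt
	token, _ := signSAToken(saKey, "default", "default")
	_, errSA := verifySAToken(pubKeyPEM(&saKey.PublicKey), token)
	_, errCA := verifySAToken(pubKeyPEM(&otherKey.PublicKey), token)
	fmt.Println("sa.pub:", errSA, "| ca.crt key:", errCA)
}
```

Two caveats when doing this against a real cluster. First, pin the algorithm as the code does: a verifier that trusts the token's own alg header can be talked into accepting alg=none or an HMAC signature keyed with the public key bytes. Second, tokens obtained through the TokenRequest API (projected volumes, bound tokens) carry extra claims such as aud and exp, use the issuer configured by --service-account-issuer, and are typically signed by the API server with the same key pair; on clusters with service account issuer discovery enabled the same public key is also published as a JWK set at the API server's /openid/v1/jwks endpoint, which is the sanctioned way to fetch it without access to the control-plane filesystem.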