Path to Service Account Key files

In upstream K8s, these exist by default (see service-account-* variables below - ref: https://jpweber.io/blog/a-look-at-tokenrequest-api/

Where (if at all) would the similar sa* files exist in Rancher (if at all) ? If not, what do I need to do to achieve this config. It’s a pre-requisite for Istio / SDS (see https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#service-account-token-volume-projection)

apiVersion: kubeadm.k8s.io/v1beta1
kind: ClusterConfiguration
apiServer:
  extraArgs:
    service-account-signing-key-file: /etc/kubernetes/pki/sa.key ===> which file in rancher
    service-account-key-file: /etc/kubernetes/pki/sa.pub ===> which file in rancher
    service-account-issuer: api
    service-account-api-audiences: api,vault,factors