Path to Service Account Key files

In upstream K8s, these exist by default (see service-account-* variables below - ref:

Where (if at all) would the similar sa* files exist in Rancher (if at all) ? If not, what do I need to do to achieve this config. It’s a pre-requisite for Istio / SDS (see

kind: ClusterConfiguration
    service-account-signing-key-file: /etc/kubernetes/pki/sa.key ===> which file in rancher
    service-account-key-file: /etc/kubernetes/pki/ ===> which file in rancher
    service-account-issuer: api
    service-account-api-audiences: api,vault,factors
1 Like

Did you ever get an answer on how to do that. We are looking into installing istio 1.5 which requires that

I was able to enable that by modifying the cluster.yaml and adding

          service-account-issuer: "kubernetes.default.svc"
          service-account-signing-key-file: "/etc/kubernetes/ssl/kube-service-account-token-key.pem"