Set Up ServiceAccount token volume projection

Hi There,

We want to set up service account token volume projection and service account issuer discovery.

From what I understand we should be able to set the following:
In the edit cluster management yaml:

kube-api:
always_pull_images: false
pod_security_policy: false
secrets_encryption_config:
enabled: false
service_node_port_range: 30000-32767
extraArgs:
service-account-signing-key-file: /etc/kubernetes/pki/sa.key
service-account-key-file: /etc/kubernetes/pki/sa.pub
service-account-issuer: https://path.to/issuer.svc
service-account-api-audiences: aud1,aud2

But I also need to provide the worker nodes with the sa.key and sa.pub files. How do I roll these out too?

Is this the best/easiest way to set this up?

Is there any update on this? I could potentially edit the cluster config to set these values. However if a new worker gets added, I would like rancher to push the keys to the worker nodes.

Is there a setting inside rancher to set these file up?