Set Up ServiceAccount token volume projection

Daryl_Blake · February 15, 2024, 1:07am

Hi There,

We want to set up service account token volume projection and service account issuer discovery.

From what I understand we should be able to set the following:
In the edit cluster management yaml:

kube-api:
always_pull_images: false
pod_security_policy: false
secrets_encryption_config:
enabled: false
service_node_port_range: 30000-32767
extraArgs:
service-account-signing-key-file: /etc/kubernetes/pki/sa.key
service-account-key-file: /etc/kubernetes/pki/sa.pub
service-account-issuer: https://path.to/issuer.svc
service-account-api-audiences: aud1,aud2

But I also need to provide the worker nodes with the sa.key and sa.pub files. How do I roll these out too?

Is this the best/easiest way to set this up?

Daryl_Blake · February 19, 2024, 1:28am

Is there any update on this? I could potentially edit the cluster config to set these values. However if a new worker gets added, I would like rancher to push the keys to the worker nodes.

Is there a setting inside rancher to set these file up?

Topic		Replies	Views
Path to Service Account Key files Rancher	4	2727	February 15, 2024
Service Account management and token generation Rancher	0	706	August 24, 2020
RKE1 Service Account verification public key Rancher	0	26	September 5, 2024
Rancher 2.6.3 created kubeconfig does not allow RBAC testing of service account Rancher	5	3046	February 28, 2022
Creating/updating serviceaccount? Rancher	1	4239	August 3, 2018

Set Up ServiceAccount token volume projection

Related topics