问题
With what CA Certificate are the Kubernetes Service Account JWT tokens signed with? Is there a way to get the public key with which kubernetes service accounts are signed in GKE?
回答1:
You have no access to that key in GKE.
In general, the Service Account JWT tokens are signed with an RSA key by the controller manager. The key is specified by the --service-account-private-key-file for kube-controller-manager. (The public key is specified by the --service-account-key-file parameter for kube-apiserver.)
来源:https://stackoverflow.com/questions/46402683/ca-certificate-and-jwt-tokens-on-kubernetes