configure kubespray to sign service account tokens with a dedicated and stable key

2026-03-09 19:58:07 +03:00 · 2018-03-29 09:35:28 -05:00
parent 270d21f5c1
commit c8f857eae4
4 changed files with 15 additions and 2 deletions
--- a/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2
+++ b/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2
@@ -63,7 +63,7 @@ spec:
 {% if kube_token_auth|default(true) %}
    - --token-auth-file={{ kube_token_dir }}/known_tokens.csv
 {% endif %}
-    - --service-account-key-file={{ kube_cert_dir }}/apiserver-key.pem
+    - --service-account-key-file={{ kube_cert_dir }}/service-account-key.pem
 {% if kube_oidc_auth|default(false) and kube_oidc_url is defined and kube_oidc_client_id is defined %}
    - --oidc-issuer-url={{ kube_oidc_url }}
    - --oidc-client-id={{ kube_oidc_client_id }}