configure kubespray to sign service account tokens with a dedicated and stable key

2026-03-10 20:29:18 +03:00 · 2018-03-29 09:35:28 -05:00
parent 270d21f5c1
commit c8f857eae4
4 changed files with 15 additions and 2 deletions
--- a/roles/kubernetes/master/templates/manifests/kube-controller-manager.manifest.j2
+++ b/roles/kubernetes/master/templates/manifests/kube-controller-manager.manifest.j2
@@ -29,7 +29,7 @@ spec:
    - controller-manager
    - --kubeconfig={{ kube_config_dir }}/kube-controller-manager-kubeconfig.yaml
    - --leader-elect=true
-    - --service-account-private-key-file={{ kube_cert_dir }}/apiserver-key.pem
+    - --service-account-private-key-file={{ kube_cert_dir }}/service-account-key.pem
    - --root-ca-file={{ kube_cert_dir }}/ca.pem
    - --cluster-signing-cert-file={{ kube_cert_dir }}/ca.pem
    - --cluster-signing-key-file={{ kube_cert_dir }}/ca-key.pem