configure kubespray to sign service account tokens with a dedicated and stable key

2026-03-04 09:58:20 +03:00 · 2018-03-29 09:35:28 -05:00
parent 270d21f5c1
commit c8f857eae4
4 changed files with 15 additions and 2 deletions
--- a/roles/kubernetes/secrets/tasks/gen_certs_script.yml
+++ b/roles/kubernetes/secrets/tasks/gen_certs_script.yml
@@ -75,6 +75,7 @@
                       'kube-controller-manager-key.pem',
                       'front-proxy-client.pem',
                       'front-proxy-client-key.pem',
+                       'service-account-key.pem',
                       {% for node in groups['kube-master'] %}
                       'admin-{{ node }}.pem',
                       'admin-{{ node }}-key.pem',
@@ -86,6 +87,7 @@
                      'apiserver-key.pem',
                      'front-proxy-client.pem',
                      'front-proxy-client-key.pem',
+                      'service-account-key.pem',
                      'kube-scheduler.pem',
                      'kube-scheduler-key.pem',
                      'kube-controller-manager.pem',