KubeZero/docs/SA_OIDC.yaml

# Service Account Tokens

## Federation with AWS IAM

### Discovery
- public S3 location for openid and jwks config files
- synchronized from the api-server to S3 during version upgrades  
service-account-issuer: `arn:aws:s3:::${ConfigBucketName}/k8s/${ClusterName}`  
api-audiences: `sts.amazonaws.com`

## Projection

## Resources
- https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#service-account-token-volume-projection
- https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#service-account-issuer-discovery
chore: update docs and scripts 2021-06-25 16:00:38 +00:00			`# Service Account Tokens`

			`## Federation with AWS IAM`

			`### Discovery`
			`- public S3 location for openid and jwks config files`
			`- synchronized from the api-server to S3 during version upgrades`
			service-account-issuer: `arn:aws:s3:::${ConfigBucketName}/k8s/${ClusterName}`
			api-audiences: `sts.amazonaws.com`

			`## Projection`

			`## Resources`
			`- https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#service-account-token-volume-projection`
			`- https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#service-account-issuer-discovery`