16 lines
578 B
YAML
16 lines
578 B
YAML
# Service Account Tokens
|
|
|
|
## Federation with AWS IAM
|
|
|
|
### Discovery
|
|
- public S3 location for openid and jwks config files
|
|
- synchronized from the api-server to S3 during version upgrades
|
|
service-account-issuer: `arn:aws:s3:::${ConfigBucketName}/k8s/${ClusterName}`
|
|
api-audiences: `sts.amazonaws.com`
|
|
|
|
## Projection
|
|
|
|
## Resources
|
|
- https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#service-account-token-volume-projection
|
|
- https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#service-account-issuer-discovery
|