根据其在kubernetes中的相应令牌获取服务帐户信息?

时间:2018-12-13 12:28:03

标签: kubernetes token

在kubernetes中,每个serviceaccount都有一个对应的秘密,其中包含一个令牌。如何通过令牌获取serviceaccount的Info(例如名称和名称空间)?

1 个答案:

答案 0 :(得分:1)

SA秘密令牌基于JWT 您可以使用例如:https://www.jsonwebtoken.io/来获取包含令牌信息的json,如下所示:

{
 "iss": "kubernetes/serviceaccount",
 "kubernetes.io/serviceaccount/namespace": "**<your_namespace>**",
 "kubernetes.io/serviceaccount/secret.name": "**<your_sa_name>-token-xxxxx**",
 "kubernetes.io/serviceaccount/service-account.name": "**<your_sa_name>**",
 "kubernetes.io/serviceaccount/service-account.uid": "**<your_sa_uid>**",
 "sub": "system:serviceaccount:<your_namespace>:**<your_sa_name>**",
 "jti": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
 "iat": 9999999999,
 "exp": 9999999999
}

希望这会有所帮助