在kubernetes中,每个serviceaccount都有一个对应的秘密,其中包含一个令牌。如何通过令牌获取serviceaccount的Info(例如名称和名称空间)?
答案 0 :(得分:1)
SA秘密令牌基于JWT 您可以使用例如:https://www.jsonwebtoken.io/来获取包含令牌信息的json,如下所示:
{
"iss": "kubernetes/serviceaccount",
"kubernetes.io/serviceaccount/namespace": "**<your_namespace>**",
"kubernetes.io/serviceaccount/secret.name": "**<your_sa_name>-token-xxxxx**",
"kubernetes.io/serviceaccount/service-account.name": "**<your_sa_name>**",
"kubernetes.io/serviceaccount/service-account.uid": "**<your_sa_uid>**",
"sub": "system:serviceaccount:<your_namespace>:**<your_sa_name>**",
"jti": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
"iat": 9999999999,
"exp": 9999999999
}
希望这会有所帮助