Skip to content

Why a service account key file in the kube-apiserver is a private key? #4173

Answered by brandond
mazzy89 asked this question in Q&A
Discussion options

You must be logged in to vote

The text on that page was suggested by a community member at kubernetes/website#3166 (comment) and perhaps doesn't reflect reality, as the kube-apiserver docs for that flag say:

--service-account-key-file strings
File containing PEM-encoded x509 RSA or ECDSA private or public keys, used to verify ServiceAccount tokens. The specified file can contain multiple keys, and the flag can be specified multiple times with different files. If unspecified, --tls-private-key-file is used. Must be specified when --service-account-signing-key is provided.

So it would appear that it is absolutely valid to pass the private key to both.

Replies: 3 comments 8 replies

Comment options

You must be logged in to vote
0 replies
Comment options

You must be logged in to vote
1 reply
@mazzy89
Comment options

Answer selected by mazzy89
Comment options

You must be logged in to vote
7 replies
@brandond
Comment options

brandond Aug 9, 2024
Collaborator

@TheOnlyWei
Comment options

@brandond
Comment options

brandond Aug 9, 2024
Collaborator

@TheOnlyWei
Comment options

@brandond
Comment options

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Category
Q&A
Labels
None yet
3 participants