Kubernetes服务帐户签名密钥
我正在寻找用于对集群中的服务帐户令牌进行签名的私钥。有没有办法找到这个钥匙的路径或者打印出来Kubernetes服务帐户签名密钥,kubernetes,oauth-2.0,openid-connect,amazon-eks,Kubernetes,Oauth 2.0,Openid Connect,Amazon Eks,我正在寻找用于对集群中的服务帐户令牌进行签名的私钥。有没有办法找到这个钥匙的路径或者打印出来 说明启动期间用于提供密钥的标志,但没有关于当前使用密钥的信息。您可以检查传递给kube controller manager组件的–service account private key file参数的路径。这是令牌控制器用于签署服务帐户的密钥 –service-account-private-key-file string Filename containing a PEM-encoded priva
说明启动期间用于提供密钥的标志,但没有关于当前使用密钥的信息。您可以检查传递给kube controller manager组件的
–service account private key file–service-account-private-key-file string
Filename containing a PEM-encoded private RSA or ECDSA key used to sign service account tokens.
kube系统kube控制器管理器种类控制平面kubectl describe pod kube-controller-manager-kind-control-plane -n kube-system
Name: kube-controller-manager-kind-control-plane
Namespace: kube-system
Priority: 2000000000
Priority Class Name: system-cluster-critical
Node: kind-control-plane/172.17.0.2
Start Time: Tue, 14 Apr 2020 14:13:18 +0530
Labels: component=kube-controller-manager
tier=control-plane
Annotations: kubernetes.io/config.hash: 15e79e27a50d92dc481a5aaaad4399d8
kubernetes.io/config.mirror: 15e79e27a50d92dc481a5aaaad4399d8
kubernetes.io/config.seen: 2020-04-14T08:43:15.2951468Z
kubernetes.io/config.source: file
Status: Running
IP: 172.17.0.2
IPs:
IP: 172.17.0.2
Controlled By: Node/kind-control-plane
Containers:
kube-controller-manager:
Container ID: containerd://6423f4d70cf0af2be708315b1aa5d4cb038d73b00b63f3d759db60e75f1ebf56
Image: k8s.gcr.io/kube-controller-manager:v1.17.0
Image ID: sha256:7818d75a7d002a3c1bb6e9d8fe4416e75ee7df87b57585ab4f8ef01ccba1ddaa
Port: <none>
Host Port: <none>
Command:
kube-controller-manager
--allocate-node-cidrs=true
--authentication-kubeconfig=/etc/kubernetes/controller-manager.conf
--authorization-kubeconfig=/etc/kubernetes/controller-manager.conf
--bind-address=127.0.0.1
--client-ca-file=/etc/kubernetes/pki/ca.crt
--cluster-cidr=10.244.0.0/16
--cluster-signing-cert-file=/etc/kubernetes/pki/ca.crt
--cluster-signing-key-file=/etc/kubernetes/pki/ca.key
--controllers=*,bootstrapsigner,tokencleaner
--enable-hostpath-provisioner=true
--kubeconfig=/etc/kubernetes/controller-manager.conf
--leader-elect=true
--node-cidr-mask-size=24
--requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt
--root-ca-file=/etc/kubernetes/pki/ca.crt
--service-account-private-key-file=/etc/kubernetes/pki/sa.key
--service-cluster-ip-range=10.96.0.0/12
--use-service-account-credentials=true
kubectl描述吊舱kube控制器管理器种类控制飞机-n kube系统
名称:kube控制器管理器种类控制平面
名称空间:kube系统
优先权:2000000000
优先级类别名称:系统群集关键
节点:种类控制平面/172.17.0.2
开始时间:2020年4月14日星期二14:13:18+0530
标签:组件=kube控制器管理器
层=控制平面
注释:kubernetes.io/config.hash:15E79E27A50D92DC481A5AAD4399D8
kubernetes.io/config.mirror:15E79E27A50D92DC481A5AAD4399D8
kubernetes.io/config.seen:2020-04-14T08:43:15.2951468Z
kubernetes.io/config.source:文件
状态:正在运行
IP:172.17.0.2
IPs:
IP:172.17.0.2
控制者:节点/种类控制平面
容器:
kube控制员经理:
容器ID:containerd://6423f4d70cf0af2be708315b1aa5d4cb038d73b00b63f3d759db60e75f1ebf56
图:k8s.gcr.io/kube控制器管理器:v1.17.0
图像ID:sha256:7818D75A7D002A3C1BB6E9D8FE4416E75EE7DF87B5758AB4F8EF01CCBA1DDAA
端口:
主机端口:
命令:
库贝管制员经理
--分配节点CIDR=true
--身份验证kubeconfig=/etc/kubernetes/controller-manager.conf
--授权kubeconfig=/etc/kubernetes/controller-manager.conf
--绑定地址=127.0.0.1
--客户端ca文件=/etc/kubernetes/pki/ca.crt
--集群cidr=10.244.0.0/16
--群集签名证书文件=/etc/kubernetes/pki/ca.crt
--群集签名密钥文件=/etc/kubernetes/pki/ca.key
--控制器=*,引导签名器,令牌清理器
--启用hostpath provisioner=true
--kubeconfig=/etc/kubernetes/controller-manager.conf
--当选领导人=正确
--节点cidr掩码大小=24
--requestheader客户端ca文件=/etc/kubernetes/pki/front-proxy-ca.crt
--根ca文件=/etc/kubernetes/pki/ca.crt
--服务帐户私钥文件=/etc/kubernetes/pki/sa.key
--服务群集ip范围=10.96.0.0/12
--使用服务帐户凭据=true
/etc/kubernetes/pki/sa.key由于您在EKS管理的群集上,您将无法访问主节点。您可以检查传递给kube controller manager组件的
–service account private key file–service-account-private-key-file string
Filename containing a PEM-encoded private RSA or ECDSA key used to sign service account tokens.
kube系统kube控制器管理器种类控制平面kubectl describe pod kube-controller-manager-kind-control-plane -n kube-system
Name: kube-controller-manager-kind-control-plane
Namespace: kube-system
Priority: 2000000000
Priority Class Name: system-cluster-critical
Node: kind-control-plane/172.17.0.2
Start Time: Tue, 14 Apr 2020 14:13:18 +0530
Labels: component=kube-controller-manager
tier=control-plane
Annotations: kubernetes.io/config.hash: 15e79e27a50d92dc481a5aaaad4399d8
kubernetes.io/config.mirror: 15e79e27a50d92dc481a5aaaad4399d8
kubernetes.io/config.seen: 2020-04-14T08:43:15.2951468Z
kubernetes.io/config.source: file
Status: Running
IP: 172.17.0.2
IPs:
IP: 172.17.0.2
Controlled By: Node/kind-control-plane
Containers:
kube-controller-manager:
Container ID: containerd://6423f4d70cf0af2be708315b1aa5d4cb038d73b00b63f3d759db60e75f1ebf56
Image: k8s.gcr.io/kube-controller-manager:v1.17.0
Image ID: sha256:7818d75a7d002a3c1bb6e9d8fe4416e75ee7df87b57585ab4f8ef01ccba1ddaa
Port: <none>
Host Port: <none>
Command:
kube-controller-manager
--allocate-node-cidrs=true
--authentication-kubeconfig=/etc/kubernetes/controller-manager.conf
--authorization-kubeconfig=/etc/kubernetes/controller-manager.conf
--bind-address=127.0.0.1
--client-ca-file=/etc/kubernetes/pki/ca.crt
--cluster-cidr=10.244.0.0/16
--cluster-signing-cert-file=/etc/kubernetes/pki/ca.crt
--cluster-signing-key-file=/etc/kubernetes/pki/ca.key
--controllers=*,bootstrapsigner,tokencleaner
--enable-hostpath-provisioner=true
--kubeconfig=/etc/kubernetes/controller-manager.conf
--leader-elect=true
--node-cidr-mask-size=24
--requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt
--root-ca-file=/etc/kubernetes/pki/ca.crt
--service-account-private-key-file=/etc/kubernetes/pki/sa.key
--service-cluster-ip-range=10.96.0.0/12
--use-service-account-credentials=true
kubectl描述吊舱kube控制器管理器种类控制飞机-n kube系统
名称:kube控制器管理器种类控制平面
名称空间:kube系统
优先权:2000000000
优先级类别名称:系统群集关键
节点:种类控制平面/172.17.0.2
开始时间:2020年4月14日星期二14:13:18+0530
标签:组件=kube控制器管理器
层=控制平面
注释:kubernetes.io/config.hash:15E79E27A50D92DC481A5AAD4399D8
kubernetes.io/config.mirror:15E79E27A50D92DC481A5AAD4399D8
kubernetes.io/config.seen:2020-04-14T08:43:15.2951468Z
kubernetes.io/config.source:文件
状态:正在运行
IP:172.17.0.2
IPs:
IP:172.17.0.2
控制者:节点/种类控制平面
容器:
kube控制员经理:
容器ID:containerd://6423f4d70cf0af2be708315b1aa5d4cb038d73b00b63f3d759db60e75f1ebf56
图:k8s.gcr.io/kube控制器管理器:v1.17.0
图像ID:sha256:7818D75A7D002A3C1BB6E9D8FE4416E75EE7DF87B5758AB4F8EF01CCBA1DDAA
端口:
主机端口:
命令:
库贝管制员经理
--分配节点CIDR=true
--身份验证kubeconfig=/etc/kubernetes/controller-manager.conf
--授权kubeconfig=/etc/kubernetes/controller-manager.conf
--绑定地址=127.0.0.1
--客户端ca文件=/etc/kubernetes/pki/ca.crt
--集群cidr=10.244.0.0/16
--群集签名证书文件=/etc/kubernetes/pki/ca.crt
--群集签名密钥文件=/etc/kubernetes/pki/ca.key
--控制器=*,引导签名器,令牌清理器
--启用hostpath provisioner=true
--kubeconfig=/etc/kubernetes/controller-manager.conf
--当选领导人=正确
--节点cidr掩码大小=24
--requestheader客户端ca文件=/etc/kubernetes/pki/front-proxy-ca.crt
--根ca文件=/etc/kubernetes/pki/ca.crt
--服务帐户私钥文件=/etc/kubernetes/pki/sa.key
--服务群集ip范围=10.96.0.0/12
--使用服务帐户凭据=true
/etc/kubernetes/pki/sa.key