Service Account Token Volume

Some services, such as istio and Envoy's Secrect Discovery Service (SDS), take advantage of a new feature in kubernetes 1.13+, Service Account Token Volume Projection.

  • In order to enable this feature for kubernetes 1.12+, add the following config to your cluster spec:
  1.     kubeAPIServer:
  2.         apiAudiences:
  3.         - api
  4.         - istio-ca
  5.         serviceAccountIssuer: kubernetes.default.svc
  6.         serviceAccountKeyFile:
  7.         - /srv/kubernetes/server.key
  8.         serviceAccountSigningKeyFile: /srv/kubernetes/server.key