Added Docs for Service Account Token Volume PProjection

Signed-off-by: Jonathan Meyers <jonathan@cybrary.it>
2020-03-05 11:10:14 +01:00 · 2020-03-05 11:10:14 +01:00 · b83dcdd1be
parent 36e565649c
commit b83dcdd1be
2 changed files with 15 additions and 0 deletions
--- a/docs/README.md
+++ b/docs/README.md
@ -65,6 +65,7 @@
 * [Label management](labels.md)
    * for cluster nodes
 * [Secret management](secrets.md)
+* [Service Account Token Volume Projection](operations/service_account_token_volumes.md)
 * [Moving from a Single Master to Multiple HA Masters](single-to-multi-master.md)
 * [Upgrading Kubernetes](tutorial/upgrading-kubernetes.md)
 * [Working with Instance Groups](tutorial/working-with-instancegroups.md)
--- a/docs/operations/service_account_token_volumes.md
+++ b/docs/operations/service_account_token_volumes.md
@ -0,0 +1,14 @@
+Some services, such as istio and Envoy's Secrect Discovery Service (SDS), take advantage of a new feature in kubernetes 1.13+, [Service Account Token Volume Projection](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#service-account-token-volume-projection).
+
+
+1. In order to enable this feaute for kubernetes 1.12+, add the following config to your cluster spec:
+
+    kubeAPIServer:
+        apiAudiences:
+        - api
+        - istio-ca
+        serviceAccountIssuer: kubernetes.default.svc
+        serviceAccountKeyFile:
+        - /srv/kubernetes/server.key
+        serviceAccountSigningKeyFile: /srv/kubernetes/server.key
+