Add custom claims into bound service account JWT token?

awn · October 24, 2022, 4:31pm

I have a k8s cluster in EKS where pods are assigned bound service account tokens like so:

    volumeMounts:
    - mountPath: /test
      name: test
      readOnly: true
...
  volumes:
  - name: test
    projected:
      sources:
      - serviceAccountToken:
          path: test
          expirationSeconds: 7200
          audience: test

The resulting token includes some metadata like the namespace and pod name. Is it possible to add additional custom metadata into the JWT?

Topic		Replies	Views
Projected Volume for Service Accounts General Discussions	7	1565	October 3, 2019
Service account token not being mounted General Discussions	0	1285	April 29, 2019
Why are the secret content of the default serveraccount are mounted inside the pod? General Discussions	0	494	September 24, 2021
K8s RBAC serviceaccount with extended permissions General Discussions	3	857	December 26, 2019
Wrong "exp" date in projected serviceaccount token General Discussions	1	1058	October 15, 2021

Add custom claims into bound service account JWT token?

Related topics