Add custom claims into bound service account JWT token?

awn · October 24, 2022, 4:31pm

I have a k8s cluster in EKS where pods are assigned bound service account tokens like so:

    volumeMounts:
    - mountPath: /test
      name: test
      readOnly: true
...
  volumes:
  - name: test
    projected:
      sources:
      - serviceAccountToken:
          path: test
          expirationSeconds: 7200
          audience: test

The resulting token includes some metadata like the namespace and pod name. Is it possible to add additional custom metadata into the JWT?

Topic		Replies	Views
Projected Volume for Service Accounts General Discussions	7	1319	October 3, 2019
Why are the secret content of the default serveraccount are mounted inside the pod? General Discussions	0	426	September 24, 2021
Can you have two containers in a pod have different service accounts? General Discussions	0	1249	February 23, 2022
Restrict specific service account in a namespace General Discussions	1	1274	February 24, 2021
Custom resource limitation microk8s kubernetes-custom-resources	0	139	February 14, 2024

Add custom claims into bound service account JWT token?

Related Topics