Cluster information:
Kubernetes version: v1.18
Cloud being used: IBM Cloud
Installation method: cloud provisioning
Host OS: Ubuntu
CNI and version:
CRI and version:
I’m trying to find out the JWKS URL of the apiserver to find the public key to validate the service account token in a deployed app, but when issuing a curl command from a pod, I got:
```
$ curl -k -H "Authorization: Bearer $(cat /run/secrets/kubernetes.io/serviceaccount/token)" https://kubernetes.default/openid/v1/jwks
{
  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {
  },
  "status": "Failure",
  "message": "forbidden: User \"system:serviceaccount:<removed>:default\" cannot get path \"/.well-known/openid-configuration\"",
  "reason": "Forbidden",
  "details": {
  },
  "code": 403
}
```