{"id":1363,"date":"2023-01-18T13:22:04","date_gmt":"2023-01-18T05:22:04","guid":{"rendered":"https:\/\/www.myway5.com\/?p=1363"},"modified":"2023-07-05T09:58:20","modified_gmt":"2023-07-05T01:58:20","slug":"k8s-1-24-serviceaccount-token-changes","status":"publish","type":"post","link":"https:\/\/www.myway5.com\/index.php\/2023\/01\/18\/k8s-1-24-serviceaccount-token-changes\/","title":{"rendered":"k8s 1.24 ServiceAccount Token \u7684\u884c\u4e3a\u53d8\u5316"},"content":{"rendered":"<h2>\u8d77\u56e0<\/h2>\n<p>\u6709\u4e00\u4e2a CNI \u7ec4\u4ef6\u4ee5 DaemonSet \u7684\u65b9\u5f0f\u8fd0\u884c\u5728\u6240\u6709\u7684 node \u4e0a\uff0c\u8fd9\u4e2a CNI Pod \u4f1a\u5c06\u81ea\u5df1\u7684 Service Account Token \u8f6c\u6362\u6210 kubeconfig \u5e76\u5b58\u50a8\u5230\u4e3b\u673a\u7684\u76ee\u5f55\u4e0b\u3002\u5f53 kubelet \u8c03\u7528 cni \u63d2\u4ef6\u65f6\uff0ccni \u63d2\u4ef6\u4f1a\u4f7f\u7528\u8fd9\u4e2a kubeconfig \u53bb\u83b7\u53d6\u96c6\u7fa4 Pod \u7684\u4e00\u4e9b\u4fe1\u606f\u3002<\/p>\n<p>\u5728 k8s 1.24 \u4e0a\u51fa\u73b0\u4e86\u95ee\u9898\uff0c\u5f53 CNI Pod \u91cd\u542f\u540e\uff0c\u4f7f\u7528\u751f\u6210\u7684 kubeconfig \u5c31\u4f1a\u8fd4\u56de Unauthorized \u7684\u9519\u8bef\uff0c\u5373\u8fd9\u4e2a token \u5df2\u7ecf\u8fc7\u4e0d\u4e86 APIServer \u7684\u8ba4\u8bc1\u4e86\u3002<\/p>\n<h2>\u539f\u56e0<\/h2>\n<p>k8s 1.24 \u4e0a\uff0cServiceAccount(\u4e0b\u6587\u7f29\u5199\u4e3a SA) \u7684 token \u751f\u6210\u903b\u8f91\u5df2\u7ecf\u53d1\u751f\u4e86\u53d8\u5316\uff0c\u4e0d\u518d\u4f1a\u81ea\u52a8\u4e3a SA \u751f\u6210 token \u5e76\u4fdd\u5b58\u5230 secret \u4e2d\uff0cPod \u4e2d\u4f7f\u7528 token \u65f6\u4e5f\u4e0d\u4f1a\u518d\u6302\u8f7d\u8fd9\u4e2a secret\u3002\u5f53 Pod \u4f7f\u7528 SA \u65f6\uff0c\u9ed8\u8ba4\u884c\u4e3a\u5982\u4e0b\uff1a<\/p>\n<ol>\n<li>Pod \u521b\u5efa\u51fa\u6765\u540e\uff0c\u5728 admission \u9636\u6bb5\uff0c\u6709\u4e00\u4e2a serviceaccount admission \u4f1a\u4e3a Pod \u6302\u8f7d token\uff0c\u8def\u5f84\u540c\u6837\u8fd8\u662f\u5728 <code>\/var\/run\/secrets\/kubernetes.io\/serviceaccount<\/code> \u4e0b\u3002\u4f46\u662f volume \u5b57\u6bb5\u4e0d\u518d\u662f\u901a\u8fc7 secret\uff0c\u800c\u662f\u901a\u8fc7 projected\u3002<\/li>\n<\/ol>\n<pre><code class=\"language-yaml line-numbers\">projected:\n  defaultMode: 420\n  sources:\n    # source \u7c7b\u578b\u662f serviceAccountToken\n  - serviceAccountToken:\n      expirationSeconds: 3607\n      path: token\n  - configMap:\n      items:\n      - key: ca.crt\n        path: ca.crt\n      name: kube-root-ca.crt\n  - downwardAPI:\n      items:\n      - fieldRef:\n          apiVersion: v1\n          fieldPath: metadata.namespace\n        path: namespace\n<\/code><\/pre>\n<ol>\n<li>Pod \u8c03\u5ea6\u5230 Node \u4e0a\u540e\uff0ckubelet \u4e2d\u7684 projected volume mounter \u4f1a\u6839\u636e volumesMount \u4e2d\u7684 volume \u7c7b\u578b\uff0c\u4e3a Pod \u6302\u8f7d\u5bf9\u5e94\u7684\u6587\u4ef6\u3002\u5f53\u53d1\u73b0\u5b58\u5728 ServiceAccountToken \u7c7b\u578b\u7684 projected source \u65f6\uff0c\u5c31\u4f1a\u8c03\u7528 apiserver \u7684 TokenRequest \u63a5\u53e3\uff0c\u4e3a\u5f53\u524d Pod \u8bf7\u6c42\u4e34\u65f6\u7684 Token\u3002\u5e76\u4e14\u8fd9\u4e2a token \u7684\u6709\u6548\u671f\u53ea\u6709 3607s\u3002kubelet \u4f1a\u81ea\u52a8\u5237\u65b0\u8fd9\u4e2a token \u6765\u4fdd\u8bc1\u5b83\u4e0d\u4f1a\u8fc7\u671f\u3002\n<pre><code class=\"language-go line-numbers\">case source.ServiceAccountToken != nil:\n            tp := source.ServiceAccountToken\n\n            \/\/ When FsGroup is set, we depend on SetVolumeOwnership to\n            \/\/ change from 0600 to 0640.\n            mode := *s.source.DefaultMode\n            if mounterArgs.FsUser != nil || mounterArgs.FsGroup != nil {\n                mode = 0600\n            }\n\n            var auds []string\n            if len(tp.Audience) != 0 {\n                auds = []string{tp.Audience}\n            }\n            tr, err := s.plugin.getServiceAccountToken(s.pod.Namespace, s.pod.Spec.ServiceAccountName, &amp;authenticationv1.TokenRequest{\n                Spec: authenticationv1.TokenRequestSpec{\n                    Audiences:         auds,\n                    ExpirationSeconds: tp.ExpirationSeconds,\n                    BoundObjectRef: &amp;authenticationv1.BoundObjectReference{\n                        APIVersion: \"v1\",\n                        Kind:       \"Pod\",\n                        Name:       s.pod.Name,\n                        UID:        s.pod.UID,\n                    },\n                },\n            })\n            if err != nil {\n                errlist = append(errlist, err)\n                continue\n            }\n            payload[tp.Path] = volumeutil.FileProjection{\n                Data:   []byte(tr.Status.Token),\n                Mode:   mode,\n                FsUser: mounterArgs.FsUser,\n            }\n<\/code><\/pre>\n<p>\u8fd9\u6837\u5e26\u6765\u7684\u597d\u5904\u5c31\u662f service account \u9ed8\u8ba4\u4e0d\u518d\u4f1a\u6709\u6c38\u4e45\u6027 token\uff0c\u800c\u662f\u6bcf\u4e2a Pod \u6709\u4e00\u4e2a\u4e34\u65f6\u7684 token\uff0c\u8fd9\u4e2a token \u9ed8\u8ba4\u6709\u6548\u671f\u662f 3607s\uff0c\u7531 kubelet \u81ea\u52a8\u5237\u65b0\u3002\u5e76\u4e14\u5f53 Pod \u5220\u9664\u540e\uff0c\u8be5 token \u4e5f\u4f1a\u81ea\u52a8\u5931\u6548\u3002\u8fd9\u5728\u5b89\u5168\u6027\u4e0a\u5e26\u6765\u4e86\u5f88\u5927\u7684\u63d0\u5347\u3002<\/p>\n<h2>\u89e3\u51b3<\/h2>\n<p>\u4e3a\u4e86\u548c\u4e4b\u524d\u7ec4\u4ef6\u7684\u884c\u4e3a\u4fdd\u6301\u4e00\u81f4\uff0c\u9700\u8981\u4fdd\u8bc1\u8fd9\u4e2a token \u662f\u6c38\u4e45\u6709\u6548\u7684\u3002\u6700\u7b80\u5355\u7684\u89e3\u51b3\u529e\u6cd5\u5c31\u662f\u624b\u52a8\u521b\u5efa service account \u7684 token secret\u3002\u4f8b\u5982\uff1a<\/p>\n<pre><code class=\"language-yaml line-numbers\">apiVersion: v1\nkind: Secret\n# \u8868\u793a\u8fd9\u4e2a secret \u7c7b\u578b\ntype: kubernetes.io\/service-account-token\nmetadata:\n  name: mycontroller\n  namespace: kube-system\n  annotations:\n    # service account \u540d\u79f0\n    kubernetes.io\/service-account.name: \"mycontroller\"\n<\/code><\/pre>\n<p>k8s \u7684 <code>tokens-controller<\/code> \u5728 watch \u5230\u8be5 secret \u65f6\uff0c\u4f1a\u53d1\u73b0 ca, namespace, token \u5b57\u6bb5\u5747\u4e3a\u7a7a\uff0c\u56e0\u6b64\u4f1a\u81ea\u52a8\u4e3a\u8be5 secret \u586b\u5145\u8fd9\u4e9b\u5b57\u6bb5\u3002\u8fd9\u6837\u6211\u4eec\u5c31\u83b7\u5f97\u4e86\u6c38\u4e45\u6027\u7684 token\uff0c\u5e76\u4f7f\u7528\u8be5 token \u751f\u6210 kubeconfig \u4e86\u3002<\/p>\n<pre><code class=\"language-go line-numbers\">func (e *TokensController) secretUpdateNeeded(secret *v1.Secret) (bool, bool, bool) {\n    caData := secret.Data[v1.ServiceAccountRootCAKey]\n    needsCA := len(e.rootCA) &gt; 0 &amp;&amp; !bytes.Equal(caData, e.rootCA)\n\n    needsNamespace := len(secret.Data[v1.ServiceAccountNamespaceKey]) == 0\n\n    tokenData := secret.Data[v1.ServiceAccountTokenKey]\n    needsToken := len(tokenData) == 0\n\n    return needsCA, needsNamespace, needsToken\n}\n<\/code><\/pre>\n<\/li>\n<\/ol>\n<h2>Token \u662f\u5982\u4f55\u505a\u8eab\u4efd\u8ba4\u8bc1\u7684<\/h2>\n<p>service account token \u5728\u4e0d\u540c\u7248\u672c\u4e0b\u7684\u884c\u4e3a\u4e0d\u540c\uff0c\u90a3\u4e48 token \u672c\u8eab\u53c8\u662f\u5982\u4f55\u505a\u8eab\u4efd\u8ba4\u8bc1\u7684\u5462\uff1f<\/p>\n<p>token \u662f\u4e00\u4e2a\u7b26\u5408 JWT \u89c4\u8303\u7684\u5b57\u7b26\u4e32\u3002<\/p>\n<p>\u5bf9\u4e8e\u6c38\u4e45\u6027 token \u6765\u8bf4\uff0c\u5176\u4e2d\u4fdd\u5b58\u4e86 service account \u7684\u4fe1\u606f\u3002<\/p>\n<pre><code class=\"language-json line-numbers\">{\n  \"iss\": \"kubernetes\/serviceaccount\",\n  \"kubernetes.io\/serviceaccount\/namespace\": \"kube-system\",\n  \"kubernetes.io\/serviceaccount\/secret.name\": \"mycontroller\",\n  \"kubernetes.io\/serviceaccount\/service-account.name\": \"mycontroller\",\n  \"kubernetes.io\/serviceaccount\/service-account.uid\": \"2f0ab840-064c-4168-b9b2-932c361e13d6\",\n  \"sub\": \"system:serviceaccount:kube-system:mycontroller\"\n}\n<\/code><\/pre>\n<p>apiserver \u5728\u83b7\u53d6\u5230\u8fd9\u4e2a token \u540e\uff0c\u6839\u636e JWT \u7684\u89c4\u8303\u5bf9\u5185\u5bb9\u8fdb\u884c\u5b8c\u6574\u6027\u6821\u9a8c\u3002\u6821\u9a8c\u901a\u8fc7\u540e\u5c31\u6839\u636e token \u4e2d service account \u8fdb\u884c\u8ba4\u8bc1\u9274\u6743\u4e86\u3002<\/p>\n<p>\u5bf9\u4e8e\u4e34\u65f6\u6027(pod) token \u6765\u8bf4\uff0c\u5185\u5bb9\u5c31\u7a0d\u6709\u4e0d\u540c\u4e86\u3002<\/p>\n<pre><code class=\"language-json line-numbers\">{\n  \"aud\": [\n    \"https:\/\/kubernetes.default.svc.cluster.local\"\n  ],\n  \"exp\": 1705344168,\n  \"iat\": 1673808168,\n  \"iss\": \"https:\/\/kubernetes.default.svc.cluster.local\",\n  \"kubernetes.io\": {\n    \"namespace\": \"kube-system\",\n    \"pod\": {\n      \"name\": \"mycontroller-lr99n\",\n      \"uid\": \"f8a3c6c7-c41c-4a33-9329-f40d208a03e6\"\n    },\n    \"serviceaccount\": {\n      \"name\": \"mycontroller\",\n      \"uid\": \"2f0ab840-064c-4168-b9b2-932c361e13d6\"\n    },\n    \"warnafter\": 1673811775\n  },\n  \"nbf\": 1673808168,\n  \"sub\": \"system:serviceaccount:kube-system:mycontroller\"\n}\n<\/code><\/pre>\n<p>\u53ef\u4ee5\u770b\u5230 token \u4e2d\u9664\u4e86 service account \u7684\u4fe1\u606f\uff0c\u8fd8\u6709 pod \u7684\u4fe1\u606f\u3002\u8fd9\u6837 token \u7684\u6709\u6548\u671f\u662f\u7531 pod \u7684\u751f\u547d\u5468\u671f\u4ee5\u53ca nbf, exp \u6765\u786e\u5b9a\u4e86\u3002nbf \u4ee3\u8868 <code>Not valid before<\/code>\uff0cexp \u4ee3\u8868 <code>Expiration time<\/code>\uff0c\u90fd\u662f\u4f7f\u7528 unix time \u6765\u4fdd\u5b58\u7684\u3002\u5e76\u4e14\u5728 pod \u5220\u9664\u540e\uff0ctoken \u5c31\u81ea\u52a8\u5931\u6548\u4e86\u3002\u540c\u65f6\u9274\u6743\u8fd8\u662f\u4f7f\u7528 service account \u8fdb\u884c\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u8d77\u56e0 \u6709\u4e00\u4e2a CNI \u7ec4\u4ef6\u4ee5 DaemonSet \u7684\u65b9\u5f0f\u8fd0\u884c\u5728\u6240\u6709\u7684 node \u4e0a\uff0c\u8fd9\u4e2a CNI Pod \u4f1a\u5c06 &hellip; <a href=\"https:\/\/www.myway5.com\/index.php\/2023\/01\/18\/k8s-1-24-serviceaccount-token-changes\/\" class=\"more-link\">\u7ee7\u7eed\u9605\u8bfb<span class=\"screen-reader-text\">k8s 1.24 ServiceAccount Token \u7684\u884c\u4e3a\u53d8\u5316<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[89],"tags":[104,125],"class_list":["post-1363","post","type-post","status-publish","format-standard","hentry","category-k8s","tag-k8s","tag-service-account"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>k8s 1.24 ServiceAccount Token \u7684\u884c\u4e3a\u53d8\u5316 - \u4e00\u53ea\u5b89\u9759\u7684\u732b<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.myway5.com\/index.php\/2023\/01\/18\/k8s-1-24-serviceaccount-token-changes\/\" \/>\n<meta property=\"og:locale\" content=\"zh_CN\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"k8s 1.24 ServiceAccount Token \u7684\u884c\u4e3a\u53d8\u5316 - \u4e00\u53ea\u5b89\u9759\u7684\u732b\" \/>\n<meta property=\"og:description\" content=\"\u8d77\u56e0 \u6709\u4e00\u4e2a CNI \u7ec4\u4ef6\u4ee5 DaemonSet \u7684\u65b9\u5f0f\u8fd0\u884c\u5728\u6240\u6709\u7684 node \u4e0a\uff0c\u8fd9\u4e2a CNI Pod \u4f1a\u5c06 &hellip; \u7ee7\u7eed\u9605\u8bfbk8s 1.24 ServiceAccount Token \u7684\u884c\u4e3a\u53d8\u5316\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.myway5.com\/index.php\/2023\/01\/18\/k8s-1-24-serviceaccount-token-changes\/\" \/>\n<meta property=\"og:site_name\" content=\"\u4e00\u53ea\u5b89\u9759\u7684\u732b\" \/>\n<meta property=\"article:published_time\" content=\"2023-01-18T05:22:04+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-07-05T01:58:20+00:00\" \/>\n<meta name=\"author\" content=\"jiangpengfei\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u4f5c\u8005\" \/>\n\t<meta name=\"twitter:data1\" content=\"jiangpengfei\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 \u5206\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.myway5.com\/index.php\/2023\/01\/18\/k8s-1-24-serviceaccount-token-changes\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.myway5.com\/index.php\/2023\/01\/18\/k8s-1-24-serviceaccount-token-changes\/\"},\"author\":{\"name\":\"jiangpengfei\",\"@id\":\"https:\/\/www.myway5.com\/#\/schema\/person\/b19267e8b106343431e163ec96950685\"},\"headline\":\"k8s 1.24 ServiceAccount Token \u7684\u884c\u4e3a\u53d8\u5316\",\"datePublished\":\"2023-01-18T05:22:04+00:00\",\"dateModified\":\"2023-07-05T01:58:20+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.myway5.com\/index.php\/2023\/01\/18\/k8s-1-24-serviceaccount-token-changes\/\"},\"wordCount\":128,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.myway5.com\/#\/schema\/person\/b19267e8b106343431e163ec96950685\"},\"keywords\":[\"k8s\",\"service account\"],\"articleSection\":[\"k8s\"],\"inLanguage\":\"zh-Hans\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.myway5.com\/index.php\/2023\/01\/18\/k8s-1-24-serviceaccount-token-changes\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.myway5.com\/index.php\/2023\/01\/18\/k8s-1-24-serviceaccount-token-changes\/\",\"url\":\"https:\/\/www.myway5.com\/index.php\/2023\/01\/18\/k8s-1-24-serviceaccount-token-changes\/\",\"name\":\"k8s 1.24 ServiceAccount Token \u7684\u884c\u4e3a\u53d8\u5316 - \u4e00\u53ea\u5b89\u9759\u7684\u732b\",\"isPartOf\":{\"@id\":\"https:\/\/www.myway5.com\/#website\"},\"datePublished\":\"2023-01-18T05:22:04+00:00\",\"dateModified\":\"2023-07-05T01:58:20+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.myway5.com\/index.php\/2023\/01\/18\/k8s-1-24-serviceaccount-token-changes\/#breadcrumb\"},\"inLanguage\":\"zh-Hans\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.myway5.com\/index.php\/2023\/01\/18\/k8s-1-24-serviceaccount-token-changes\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.myway5.com\/index.php\/2023\/01\/18\/k8s-1-24-serviceaccount-token-changes\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u9996\u9875\",\"item\":\"https:\/\/www.myway5.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"k8s 1.24 ServiceAccount Token \u7684\u884c\u4e3a\u53d8\u5316\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.myway5.com\/#website\",\"url\":\"https:\/\/www.myway5.com\/\",\"name\":\"\u4e00\u53ea\u5b89\u9759\u7684\u732b\",\"description\":\"\u60f3\u5565\u5462\",\"publisher\":{\"@id\":\"https:\/\/www.myway5.com\/#\/schema\/person\/b19267e8b106343431e163ec96950685\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.myway5.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"zh-Hans\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\/\/www.myway5.com\/#\/schema\/person\/b19267e8b106343431e163ec96950685\",\"name\":\"jiangpengfei\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-Hans\",\"@id\":\"https:\/\/www.myway5.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/f8c7de757f6e0247412bcfd31b7c2271?s=96&d=monsterid&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/f8c7de757f6e0247412bcfd31b7c2271?s=96&d=monsterid&r=g\",\"caption\":\"jiangpengfei\"},\"logo\":{\"@id\":\"https:\/\/www.myway5.com\/#\/schema\/person\/image\/\"},\"url\":\"https:\/\/www.myway5.com\/index.php\/author\/joyme\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"k8s 1.24 ServiceAccount Token \u7684\u884c\u4e3a\u53d8\u5316 - \u4e00\u53ea\u5b89\u9759\u7684\u732b","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.myway5.com\/index.php\/2023\/01\/18\/k8s-1-24-serviceaccount-token-changes\/","og_locale":"zh_CN","og_type":"article","og_title":"k8s 1.24 ServiceAccount Token \u7684\u884c\u4e3a\u53d8\u5316 - \u4e00\u53ea\u5b89\u9759\u7684\u732b","og_description":"\u8d77\u56e0 \u6709\u4e00\u4e2a CNI \u7ec4\u4ef6\u4ee5 DaemonSet \u7684\u65b9\u5f0f\u8fd0\u884c\u5728\u6240\u6709\u7684 node \u4e0a\uff0c\u8fd9\u4e2a CNI Pod \u4f1a\u5c06 &hellip; \u7ee7\u7eed\u9605\u8bfbk8s 1.24 ServiceAccount Token \u7684\u884c\u4e3a\u53d8\u5316","og_url":"https:\/\/www.myway5.com\/index.php\/2023\/01\/18\/k8s-1-24-serviceaccount-token-changes\/","og_site_name":"\u4e00\u53ea\u5b89\u9759\u7684\u732b","article_published_time":"2023-01-18T05:22:04+00:00","article_modified_time":"2023-07-05T01:58:20+00:00","author":"jiangpengfei","twitter_card":"summary_large_image","twitter_misc":{"\u4f5c\u8005":"jiangpengfei","\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4":"3 \u5206"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.myway5.com\/index.php\/2023\/01\/18\/k8s-1-24-serviceaccount-token-changes\/#article","isPartOf":{"@id":"https:\/\/www.myway5.com\/index.php\/2023\/01\/18\/k8s-1-24-serviceaccount-token-changes\/"},"author":{"name":"jiangpengfei","@id":"https:\/\/www.myway5.com\/#\/schema\/person\/b19267e8b106343431e163ec96950685"},"headline":"k8s 1.24 ServiceAccount Token \u7684\u884c\u4e3a\u53d8\u5316","datePublished":"2023-01-18T05:22:04+00:00","dateModified":"2023-07-05T01:58:20+00:00","mainEntityOfPage":{"@id":"https:\/\/www.myway5.com\/index.php\/2023\/01\/18\/k8s-1-24-serviceaccount-token-changes\/"},"wordCount":128,"commentCount":0,"publisher":{"@id":"https:\/\/www.myway5.com\/#\/schema\/person\/b19267e8b106343431e163ec96950685"},"keywords":["k8s","service account"],"articleSection":["k8s"],"inLanguage":"zh-Hans","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.myway5.com\/index.php\/2023\/01\/18\/k8s-1-24-serviceaccount-token-changes\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.myway5.com\/index.php\/2023\/01\/18\/k8s-1-24-serviceaccount-token-changes\/","url":"https:\/\/www.myway5.com\/index.php\/2023\/01\/18\/k8s-1-24-serviceaccount-token-changes\/","name":"k8s 1.24 ServiceAccount Token \u7684\u884c\u4e3a\u53d8\u5316 - \u4e00\u53ea\u5b89\u9759\u7684\u732b","isPartOf":{"@id":"https:\/\/www.myway5.com\/#website"},"datePublished":"2023-01-18T05:22:04+00:00","dateModified":"2023-07-05T01:58:20+00:00","breadcrumb":{"@id":"https:\/\/www.myway5.com\/index.php\/2023\/01\/18\/k8s-1-24-serviceaccount-token-changes\/#breadcrumb"},"inLanguage":"zh-Hans","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.myway5.com\/index.php\/2023\/01\/18\/k8s-1-24-serviceaccount-token-changes\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.myway5.com\/index.php\/2023\/01\/18\/k8s-1-24-serviceaccount-token-changes\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u9996\u9875","item":"https:\/\/www.myway5.com\/"},{"@type":"ListItem","position":2,"name":"k8s 1.24 ServiceAccount Token \u7684\u884c\u4e3a\u53d8\u5316"}]},{"@type":"WebSite","@id":"https:\/\/www.myway5.com\/#website","url":"https:\/\/www.myway5.com\/","name":"\u4e00\u53ea\u5b89\u9759\u7684\u732b","description":"\u60f3\u5565\u5462","publisher":{"@id":"https:\/\/www.myway5.com\/#\/schema\/person\/b19267e8b106343431e163ec96950685"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.myway5.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"zh-Hans"},{"@type":["Person","Organization"],"@id":"https:\/\/www.myway5.com\/#\/schema\/person\/b19267e8b106343431e163ec96950685","name":"jiangpengfei","image":{"@type":"ImageObject","inLanguage":"zh-Hans","@id":"https:\/\/www.myway5.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/f8c7de757f6e0247412bcfd31b7c2271?s=96&d=monsterid&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f8c7de757f6e0247412bcfd31b7c2271?s=96&d=monsterid&r=g","caption":"jiangpengfei"},"logo":{"@id":"https:\/\/www.myway5.com\/#\/schema\/person\/image\/"},"url":"https:\/\/www.myway5.com\/index.php\/author\/joyme\/"}]}},"views":9024,"_links":{"self":[{"href":"https:\/\/www.myway5.com\/index.php\/wp-json\/wp\/v2\/posts\/1363","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.myway5.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.myway5.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.myway5.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.myway5.com\/index.php\/wp-json\/wp\/v2\/comments?post=1363"}],"version-history":[{"count":2,"href":"https:\/\/www.myway5.com\/index.php\/wp-json\/wp\/v2\/posts\/1363\/revisions"}],"predecessor-version":[{"id":1370,"href":"https:\/\/www.myway5.com\/index.php\/wp-json\/wp\/v2\/posts\/1363\/revisions\/1370"}],"wp:attachment":[{"href":"https:\/\/www.myway5.com\/index.php\/wp-json\/wp\/v2\/media?parent=1363"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.myway5.com\/index.php\/wp-json\/wp\/v2\/categories?post=1363"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.myway5.com\/index.php\/wp-json\/wp\/v2\/tags?post=1363"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}