The controller manager creates service accounts, and creates tokens for them if given a `--service-account-private-key-file`
The API server must be given the corresponding public key to verify the tokens using `--service-account-key-file` Those tokens are automatically mounted into pods if you enable the ServiceAccount admission plugin. -- You received this message because you are subscribed to the Google Groups "Kubernetes user discussion and Q&A" group. To unsubscribe from this group and stop receiving emails from it, send an email to kubernetes-users+unsubscr...@googlegroups.com. To post to this group, send email to kubernetes-users@googlegroups.com. Visit this group at https://groups.google.com/group/kubernetes-users. For more options, visit https://groups.google.com/d/optout.
