In any given POD, service account token is is mounted at location.
/var/run/secrets/kubernetes.io/serviceaccount/token
I want to understand how this token is signed. What keys are used while signing this token by Kubernetes? How to get access to public key that can help in offline signature validation
/var/run/secrets/kubernetes.io/serviceaccount/ca.crt - I tried signature validation with the public key associated with this certificate. This does not seem to work.
Appreciate any help on this.
