The issue as I understand it is that there is no way to encode this information in the Kubernetes token.
The pod IAM roles stuff leverages Kubernetes stuff, and the token that’s mounted into the container is a YAML representation of a Kubernetes token object. There are no fields or other way to add this information into the object.
You would need to encode it into the JWT itself, which isn’t possible or something.
I’m half remembering this, and I can’t find the issue on GitHub because everything has been shuffled around since.