This repo contains an example deployment manifest and basic example services that use the TokenRequest and TokenReview APIs. This is a companion to the blog post here.

go-client was intentionally not used, to make building the demo services as easy as possible and to avoid requiring any dependencies.
- Container makes a request for a bound service account token via the TokenRequest API. In the demo I am using volume projection to handle the fetching of the token on my behalf, which is not pictured.
- API returns a token.
- `token-client` Pod makes a service-to-service call to the `token-server` Pod.
- `token-server` Pod validates the auth token in the HTTP request against the TokenReview API.
- API responds with validation data about the request token.
- If the token is valid, `token-server` responds to `token-client` with the request payload.
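
An added example, not code from this repo: the TokenReview request body a `token-server` could build and the checks it could apply to the API response, using only the standard library. The function names, the audience name `token-server` and the sample response are assumptions, and the `status.audiences` check goes beyond the steps listed above.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

type reviewResult struct { // TokenReview status fields this check reads
	Status struct {
		Authenticated bool     `json:"authenticated"`
		Audiences     []string `json:"audiences"`
		User          struct {
			Username string `json:"username"`
		} `json:"user"`
	} `json:"status"`
}

// buildReview returns the body to POST to /apis/authentication.k8s.io/v1/tokenreviews.
func buildReview(token, audience string) ([]byte, error) {
	return json.Marshal(map[string]any{
		"apiVersion": "authentication.k8s.io/v1",
		"kind":       "TokenReview",
		"spec":       map[string]any{"token": token, "audiences": []string{audience}},
	})
}

// checkReview returns the caller's username only for an authenticated, in-audience token.
func checkReview(respBody []byte, audience string) (string, error) {
	var r reviewResult
	if err := json.Unmarshal(respBody, &r); err != nil {
		return "", err
	}
	if !r.Status.Authenticated {
		return "", errors.New("token not authenticated")
	}
	for _, a := range r.Status.Audiences {
		if a == audience { // the API server must echo our audience back
			return r.Status.User.Username, nil
		}
	}
	return "", fmt.Errorf("token not valid for audience %q", audience)
}

func main() {
	// Constructed sample response; the audience "token-server" is an assumption.
	resp := []byte(`{"status":{"authenticated":true,"audiences":["token-server"],"user":{"username":"system:serviceaccount:default:token-client"}}}`)
	fmt.Println(checkReview(resp, "token-server"))
}
```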