TokenRequest

TokenRequest requests a token for a given service account.

kind: TokenRequest
metadata (ObjectMeta)

Standard object’s metadata. More info:
spec (TokenRequestSpec), required

Spec holds information about the request being evaluated
status ()

Status is filled in by the server and indicates whether the token can be authenticated.

TokenRequestSpec contains client provided parameters of a token request.

audiences ([]string), required

Audiences are the intendend audiences of the token. A recipient of a token must identitfy themself with an identifier in the list of audiences of the token, and otherwise should reject the token. A token issued for multiple audiences may be used to authenticate against any of the audiences listed but implies a high degree of trust between the target audiences.
boundObjectRef (BoundObjectReference)

BoundObjectReference is a reference to an object that a token is bound to.
- boundObjectRef.apiVersion (string)
  
  API version of the referent.
- boundObjectRef.kind (string)
  
  Kind of the referent. Valid kinds are ‘Pod’ and ‘Secret’.
- boundObjectRef.uid (string)
  
  UID of the referent.
expirationSeconds (int64)

ExpirationSeconds is the requested duration of validity of the request. The token issuer may return a token with a different validity duration so a client needs to check the ‘expiration’ field in a response.

TokenRequestStatus is the result of a token request.

expirationTimestamp (Time), required

ExpirationTimestamp is the time of expiration of the returned token.

Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
Token is the opaque bearer token.

POST /api/v1/namespaces/{namespace}/serviceaccounts/{name}/token

200 (): OK

201 (TokenRequest): Created

401: Unauthorized