TokenRequest

    TokenRequest requests a token for a given service account.


    TokenRequestSpec contains client provided parameters of a token request.


    • audiences ([]string), required

      Audiences are the intendend audiences of the token. A recipient of a token must identify themself with an identifier in the list of audiences of the token, and otherwise should reject the token. A token issued for multiple audiences may be used to authenticate against any of the audiences listed but implies a high degree of trust between the target audiences.

    • boundObjectRef (BoundObjectReference)

      BoundObjectRef is a reference to an object that the token will be bound to. The token will only be valid for as long as the bound object exists. NOTE: The API server’s TokenReview endpoint will validate the BoundObjectRef, but other audiences may not. Keep ExpirationSeconds small if you want prompt revocation.

      • boundObjectRef.apiVersion (string)

        API version of the referent.

      • boundObjectRef.kind (string)

        Kind of the referent. Valid kinds are ‘Pod’ and ‘Secret’.

      • boundObjectRef.name (string)

        Name of the referent.

      • boundObjectRef.uid (string)

        UID of the referent.

    TokenRequestStatus is the result of a token request.


    • expirationTimestamp (Time), required

      ExpirationTimestamp is the time of expiration of the returned token.

      Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.

    • token (string), required

      Token is the opaque bearer token.


    HTTP Request

    Parameters

    • name (in path): string, required

      name of the TokenRequest

    • namespace (in path): string, required

    • body: TokenRequest, required

    • dryRun (in query): string

    • fieldManager (in query): string

      fieldManager

    • fieldValidation (in query): string

    • pretty (in query): string

      pretty

    Response

    200 (TokenRequest): OK

    201 (): Created

    202 (TokenRequest): Accepted