This repo contains example deployment manifest and basic example services that use the TokenRequest and TokenReview APIs. This is a companion to the blog post here go-client was intentionally not used to make building the demo services as easy as possible and not required any dependencies.
- Container makes request for a bound service account token via TokenRequest API. In the demo I am using volume projection to handle the fetching of the token on my behalf which is not pictured
- API returns a token
token-clientPod makes service to service call to thetoken-serverPodtoken-serverPod validates auth token in http request against the TokenReview API- API responds with validation data about the request token.
- If token is valid
token-serverresponds totoken-clientwith request payload.