The TokenRequest API enables the creation of tokens that are not persisted in the Secrets API, are targeted at specific audiences (such as external secret stores), have configurable expiries, and can be bound to specific pods. These tokens are bound to specific containers, so they can be used as a means of container identity. The current service account tokens are shared among all replicas of a deployment and are therefore not a good means of unique identity.
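The checks a relying party such as an external secret store could run on one of these tokens, as an added example that is not from the original post or from Kubernetes' own code. It assumes the signature was already verified against the cluster's signing keys; the `kubernetes.io` claim follows the layout of bound service account tokens, while the audience `vault`, the helper names and all sample values are constructed.

```python
import base64
import json
import time


def decode_claims(jwt):
    """Decode a compact JWT's payload. Does NOT verify the signature."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def pod_identity(claims, expected_audience, now=None):
    """Return (namespace, pod name, pod UID) or raise ValueError."""
    now = time.time() if now is None else now
    aud = claims.get("aud", [])
    aud = [aud] if isinstance(aud, str) else aud
    if expected_audience not in aud:
        raise ValueError("token was issued for a different audience")
    if now >= claims.get("exp", 0):
        raise ValueError("token has expired")
    k8s = claims.get("kubernetes.io", {})
    pod = k8s.get("pod") or {}
    if not pod.get("uid"):
        raise ValueError("token is not bound to a pod")
    return (k8s.get("namespace"), pod.get("name"), pod["uid"])


def sample_token(pod_name, pod_uid, aud="vault", exp=2_000_000_000):
    """Build a constructed, unsigned sample token for one replica."""
    claims = {
        "aud": [aud],
        "exp": exp,
        "sub": "system:serviceaccount:prod:web",  # same for every replica
        "kubernetes.io": {
            "namespace": "prod",
            "serviceaccount": {"name": "web", "uid": "sa-uid-0001"},
        },
    }
    if pod_uid:
        claims["kubernetes.io"]["pod"] = {"name": pod_name, "uid": pod_uid}
    seg = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([seg({"alg": "RS256"}), seg(claims), "constructed-signature"])


if __name__ == "__main__":
    for name, uid in [("web-7d9f-abcde", "pod-uid-a"), ("web-7d9f-fghij", "pod-uid-b")]:
        claims = decode_claims(sample_token(name, uid))
        print(claims["sub"], "->", pod_identity(claims, "vault", now=1_700_000_000))
```

Both replicas present the same `sub`, but the pod binding gives each a distinct identity, which is the property the shared legacy tokens lack.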

Shenle Lu

Cloud Native Engineer, Guitarist, Drummer, Sport Pilot

Senior DevOps Engineer

Beijing, China