kubernetes
/
website
mirror of https://github.com/kubernetes/website.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #28570 from zshihang/main 

update doc for BoundServiceAccountTokenVolume ga
pull/28417/head
Kubernetes Prow Robot 2021-06-24 01:17:41 -07:00 committed by GitHub
parent e53208d4f3 3a9b198beb
commit 369169dbb3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 5 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
content/en/docs/reference/access-authn-authz/service-accounts-admin.md
View File

@ -62,10 +62,9 @@ It acts synchronously to modify pods as they are created or updated. When this p
#### Bound Service Account Token Volume
{{< feature-state for_k8s_version="v1.21" state="beta" >}}
{{< feature-state for_k8s_version="v1.22" state="stable" >}}
When the `BoundServiceAccountTokenVolume` [feature gate](/docs/reference/command-line-tools-reference/feature-gates/) is enabled, the service account admission controller will
add the following projected volume instead of a Secret-based volume for the non-expiring service account token created by Token Controller.
The ServiceAccount admission controller will add the following projected volume instead of a Secret-based volume for the non-expiring service account token created by Token Controller.
```yaml
- name: kube-api-access-<random-suffix>
@ -96,10 +95,6 @@ This projected volume consists of three sources:
See more details about [projected volumes](/docs/tasks/configure-pod-container/configure-projected-volume-storage/).
You can manually migrate a Secret-based service account volume to a projected volume when
the `BoundServiceAccountTokenVolume` feature gate is not enabled by adding the above
projected volume to the pod spec.
### Token Controller
TokenController runs as part of `kube-controller-manager`. It acts asynchronously. It:

5
content/en/docs/reference/command-line-tools-reference/feature-gates.md
View File

@ -59,8 +59,6 @@ different Kubernetes components.
| `AnyVolumeDataSource` | `false` | Alpha | 1.18 | |
| `AppArmor` | `true` | Beta | 1.4 | |
| `BalanceAttachedNodeVolumes` | `false` | Alpha | 1.11 | |
| `BoundServiceAccountTokenVolume` | `false` | Alpha | 1.13 | 1.20 |
| `BoundServiceAccountTokenVolume` | `true` | Beta | 1.21 | |
| `CPUManager` | `false` | Alpha | 1.8 | 1.9 |
| `CPUManager` | `true` | Beta | 1.10 | |
| `CSIInlineVolume` | `false` | Alpha | 1.15 | 1.15 |
@ -202,6 +200,9 @@ different Kubernetes components.
| `BlockVolume` | `false` | Alpha | 1.9 | 1.12 |
| `BlockVolume` | `true` | Beta | 1.13 | 1.17 |
| `BlockVolume` | `true` | GA | 1.18 | - |
| `BoundServiceAccountTokenVolume` | `false` | Alpha | 1.13 | 1.20 |
| `BoundServiceAccountTokenVolume` | `true` | Beta | 1.21 | 1.22 |
| `BoundServiceAccountTokenVolume` | `true` | GA | 1.22 | - |
| `CRIContainerLogRotation` | `false` | Alpha | 1.10 | 1.10 |
| `CRIContainerLogRotation` | `true` | Beta | 1.11 | 1.20 |
| `CRIContainerLogRotation` | `true` | GA | 1.21 | - |