Merge pull request #25969 from ydFu/add-code-blocks-in-configure-service-account

Add Code blocks in configure-service-account.md
pull/25979/head
Kubernetes Prow Robot 2021-01-06 07:37:52 -08:00 committed by GitHub
commit 8fea26ecba
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 5 deletions

@ -82,6 +82,7 @@ You can list this and any other serviceAccount resources in the namespace with t
```shell ```shell
kubectl get serviceaccounts kubectl get serviceaccounts
``` ```
The output is similar to this: The output is similar to this:
``` ```
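Review bot: The fence that opens the output block after "The output is similar to this:" is still bare on both sides here, while the next hunk tags its output fence `yaml`. Since this change is about code blocks, decide whether non-YAML command output should stay untagged or carry an explicit tag, and apply the same choice to the output block after `kubectl describe secrets/build-robot-secret`. The only change in this hunk (6 lines become 7) has no visible content, presumably a blank line around the fence; confirm that is intended.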
@ -108,9 +109,10 @@ If you get a complete dump of the service account object, like this:
```shell ```shell
kubectl get serviceaccounts/build-robot -o yaml kubectl get serviceaccounts/build-robot -o yaml
``` ```
The output is similar to this: The output is similar to this:
``` ```yaml
apiVersion: v1 apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
metadata: metadata:
@ -164,6 +166,7 @@ Any tokens for non-existent service accounts will be cleaned up by the token con
```shell ```shell
kubectl describe secrets/build-robot-secret kubectl describe secrets/build-robot-secret
``` ```
The output is similar to this: The output is similar to this:
``` ```
@ -227,7 +230,7 @@ kubectl get serviceaccounts default -o yaml > ./sa.yaml
The output of the `sa.yaml` file is similar to this: The output of the `sa.yaml` file is similar to this:
```shell ```yaml
apiVersion: v1 apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
metadata: metadata:
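Review bot: The lead-in above the retagged fence still reads "The output of the `sa.yaml` file is similar to this:", but a file has contents rather than output, and this block is the manifest written by `kubectl get serviceaccounts default -o yaml > ./sa.yaml`. Suggest "The contents of the `sa.yaml` file are similar to this:" here and for the identical sentence in the next hunk. The `shell` to `yaml` tag change itself fits the block.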
@ -244,7 +247,7 @@ Using your editor of choice (for example `vi`), open the `sa.yaml` file, delete
The output of the `sa.yaml` file is similar to this: The output of the `sa.yaml` file is similar to this:
```shell ```yaml
apiVersion: v1 apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
metadata: metadata:
@ -319,7 +322,8 @@ kubectl create -f https://k8s.io/examples/pods/pod-projected-svc-token.yaml
``` ```
The kubelet will request and store the token on behalf of the pod, make the The kubelet will request and store the token on behalf of the pod, make the
token available to the pod at a configurable file path, and refresh the token as it approaches expiration. Kubelet proactively rotates the token if it is older than 80% of its total TTL, or if the token is older than 24 hours. token available to the pod at a configurable file path, and refresh the token as it approaches expiration.
The kubelet proactively rotates the token if it is older than 80% of its total TTL, or if the token is older than 24 hours.
The application is responsible for reloading the token when it rotates. Periodic reloading (e.g. once every 5 minutes) is sufficient for most use cases. The application is responsible for reloading the token when it rotates. Periodic reloading (e.g. once every 5 minutes) is sufficient for most use cases.
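Review bot: The rotation sentence is reworded ("Kubelet proactively rotates" becomes "The kubelet proactively rotates") and moved to its own line, which is a prose edit that the commit title "Add Code blocks in configure-service-account.md" does not cover; mention it in the description or split it out. While this paragraph is being touched, the first sentence is still wrapped mid-clause at "make the", and the unchanged "(e.g. once every 5 minutes)" could read "for example".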
@ -380,7 +384,6 @@ JWKS URI is required to use the `https` scheme.
## {{% heading "whatsnext" %}} ## {{% heading "whatsnext" %}}
See also: See also:
- [Cluster Admin Guide to Service Accounts](/docs/reference/access-authn-authz/service-accounts-admin/) - [Cluster Admin Guide to Service Accounts](/docs/reference/access-authn-authz/service-accounts-admin/)