diff --git a/content/zh/docs/tasks/configure-pod-container/configure-service-account.md b/content/zh/docs/tasks/configure-pod-container/configure-service-account.md index 22cc4d2a92f60..4c33eee4831a1 100644 --- a/content/zh/docs/tasks/configure-pod-container/configure-service-account.md +++ b/content/zh/docs/tasks/configure-pod-container/configure-service-account.md @@ -125,6 +125,14 @@ You can list this and any other serviceAccount resources in the namespace with t ```shell kubectl get serviceAccounts +``` + + +输出类似于: + +``` NAME SECRETS AGE default 1 1d ``` @@ -141,9 +149,15 @@ kind: ServiceAccount metadata: name: build-robot EOF -serviceaccount/build-robot created ``` + +ServiceAccount 对象的名字必须是一个有效的 +[DNS 子域名](/zh/docs/concepts/overview/working-with-objects/names#dns-subdomain-names). + @@ -151,6 +165,14 @@ If you get a complete dump of the service account object, like this: ```shell kubectl get serviceaccounts/build-robot -o yaml +``` + + +输出类似于: + +```yaml apiVersion: v1 kind: ServiceAccount metadata: @@ -229,6 +251,14 @@ Any tokens for non-existent service accounts will be cleaned up by the token con ```shell kubectl describe secrets/build-robot-secret +``` + + +输出类似于: + +``` Name: build-robot-secret Namespace: default Labels: @@ -384,23 +414,26 @@ myregistrykey --> ## 服务帐户令牌卷投射 {#service-account-token-volume-projection} -{{< feature-state for_k8s_version="v1.12" state="beta" >}} +{{< feature-state for_k8s_version="v1.20" state="stable" >}} {{< note >}} -ServiceAccountTokenVolumeProjection 在 1.12 版本中是 __beta__ 阶段, -可以通过向 API 服务器传递以下所有参数来启用它: +为了启用令牌请求投射,你必须为 `kube-apiserver` 设置以下命令行参数: * `--service-account-issuer` +* `--service-account-key-file` * `--service-account-signing-key-file` -* `--service-account-api-audiences` +* `--api-audiences` + {{< /note >}} 
@@ -455,7 +489,7 @@ The application is responsible for reloading the token when it rotates. Periodic --> ## 发现服务账号分发者 -{{< feature-state for_k8s_version="v1.18" state="alpha" >}} +{{< feature-state for_k8s_version="v1.20" state="beta" >}}
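Review bot: In the hunk at @@ -141,9 +149,15 @@, the added sentence ends with an ASCII period after the link (`...names#dns-subdomain-names).`), while the other added lines use full-width punctuation (`输出类似于:`); change it to `。`. The same hunk deletes `serviceaccount/build-robot created` from the shell block and does not re-add it under an `输出类似于:` block the way the other hunks do for their command output, so the reader loses the confirmation that the object was created. Consider keeping it as a separate output block after the command.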
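Review bot: In the note block of the hunk at @@ -384,23 +414,26 @@, the flag list gains `--service-account-key-file` next to `--service-account-signing-key-file` and swaps `--service-account-api-audiences` for `--api-audiences`, but gives no gloss for any of the four flags. Two flags with near-identical names are easy to mix up in a `kube-apiserver` manifest, and a reader carrying over the old `--service-account-api-audiences` setting gets no hint that the name in this list changed; add a short description after each bullet and a sentence on the rename. The new lead sentence also says 令牌请求投射 while the section heading says 服务帐户令牌卷投射, so pick one term for the feature.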
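Review bot: The heading `## 发现服务账号分发者` in the hunk at @@ -455,7 +489,7 @@ has no explicit `{#...}` anchor, unlike `## 服务帐户令牌卷投射 {#service-account-token-volume-projection}` earlier in this patch, and it writes 服务账号 where that heading writes 服务帐户. Since the section is already being touched to move it to `v1.20` beta, add an explicit anchor so links survive future heading edits, and settle on one spelling of the term across both headings.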