From 202905c7aa26db29ec11d84b6ad7caaa9546c4c5 Mon Sep 17 00:00:00 2001
From: WanLinghao <wanlh.fnst@cn.fujitsu.com>
Date: Tue, 17 Jul 2018 13:25:37 +0800
Subject: [PATCH] Add descripitons of --service-account-max-token-expiration
 option (#9500)

---
 content/en/docs/concepts/storage/volumes.md | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/content/en/docs/concepts/storage/volumes.md b/content/en/docs/concepts/storage/volumes.md
index 57902008697e2..73671b7527236 100644
--- a/content/en/docs/concepts/storage/volumes.md
+++ b/content/en/docs/concepts/storage/volumes.md
@@ -772,9 +772,10 @@ in the audience of the token, and otherwise should reject the token. This field
 is optional and it defaults to the identifier of the API server.
 
 The `expirationSeconds` is the expected duration of validity of the service account
-token. It defaults to 1 hour and must be at least 10 minutes (600 seconds).
-The `path` field specifies a relative path to the mount point of the projected
-volume.
+token. It defaults to 1 hour and must be at least 10 minutes (600 seconds). An administrator
+can also limit its maximum value by specifying the `--service-account-max-token-expiration`
+option for the API server. The `path` field specifies a relative path to the mount point
+of the projected volume.
 
 {{< note >}}
 **Note:** A Container using a projected volume source as a [subPath](#using-subpath) volume mount will not