Add Code blocks in configure-service-account.md #25969

Merged
Expand Up @@ -82,6 +82,7 @@ You can list this and any other serviceAccount resources in the namespace with t
```shell
kubectl get serviceaccounts
```

The output is similar to this:

```
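Review bot: The output block that opens on the last line of this hunk keeps an untagged fence, while the YAML outputs elsewhere in this change are given a `yaml` tag. Give plain command output an explicit plain-text tag as well so highlighting is consistent; the same applies to the output block after `kubectl describe secrets/build-robot-secret`.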
Expand All @@ -108,9 +109,10 @@ If you get a complete dump of the service account object, like this:
```shell
kubectl get serviceaccounts/build-robot -o yaml
```

The output is similar to this:

```
```yaml
apiVersion: v1
kind: ServiceAccount
metadata:
Expand Down Expand Up @@ -164,6 +166,7 @@ Any tokens for non-existent service accounts will be cleaned up by the token con
```shell
kubectl describe secrets/build-robot-secret
```

The output is similar to this:

```
Expand Down Expand Up @@ -227,7 +230,7 @@ kubectl get serviceaccounts default -o yaml > ./sa.yaml

The output of the `sa.yaml` file is similar to this:

```shell
```yaml
apiVersion: v1
kind: ServiceAccount
metadata:
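Review bot: The lead-in kept as context in this hunk, "The output of the `sa.yaml` file is similar to this:", describes a file as having output. Now that the block is tagged `yaml` rather than `shell`, reword the sentence to match, for example "The content of the `sa.yaml` file is similar to this:".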
Expand All @@ -244,7 +247,7 @@ Using your editor of choice (for example `vi`), open the `sa.yaml` file, delete

The output of the `sa.yaml` file is similar to this:

```shell
```yaml
apiVersion: v1
kind: ServiceAccount
metadata:
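Review bot: The sentence above the re-tagged block repeats the earlier lead-in word for word, although the hunk header shows the reader has just edited `sa.yaml` in between. Say that this is the file after editing, for example "After your edits, the `sa.yaml` file is similar to this:", so the two YAML listings are not mistaken for the same state.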
Expand Down Expand Up @@ -319,7 +322,8 @@ kubectl create -f https://k8s.io/examples/pods/pod-projected-svc-token.yaml
```

The kubelet will request and store the token on behalf of the pod, make the
token available to the pod at a configurable file path, and refresh the token as it approaches expiration. Kubelet proactively rotates the token if it is older than 80% of its total TTL, or if the token is older than 24 hours.
token available to the pod at a configurable file path, and refresh the token as it approaches expiration.
The kubelet proactively rotates the token if it is older than 80% of its total TTL, or if the token is older than 24 hours.

The application is responsible for reloading the token when it rotates. Periodic reloading (e.g. once every 5 minutes) is sufficient for most use cases.

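Review bot: The first sentence is still hard-wrapped mid-sentence ("make the" / "token available to the pod ...") while the new rotation sentence gets its own line. Join the first sentence onto a single line as well so the paragraph follows one sentence per line consistently and later diffs stay small. The unchanged "(e.g. once every 5 minutes)" just below could become "for example" in the same pass.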
Expand Down Expand Up @@ -380,7 +384,6 @@ JWKS URI is required to use the `https` scheme.

## {{% heading "whatsnext" %}}


See also:

- [Cluster Admin Guide to Service Accounts](/docs/reference/access-authn-authz/service-accounts-admin/)