From 72a76af763a0a797e0d84a308dc1fa45873bb79a Mon Sep 17 00:00:00 2001 From: Ken'ichi Ohmichi Date: Wed, 11 Jul 2018 18:38:55 +0000 Subject: [PATCH] Trivial: Make the authentication doc consistent On the content, user categories are defined as service account and normal user. However regular user is written at one place instead of normal user. This replaces the regular user with normal user for the consistency. The option --authentication-token-webhook-config-file is for specifying the configuration file which uses the kubeconfig file format, so this replaces kubeconfig with configuration for avoiding confusions. The last change is updating the order of 'clusters' and 'users' for fitting the following example to read easily. --- .../docs/reference/access-authn-authz/authentication.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/content/en/docs/reference/access-authn-authz/authentication.md b/content/en/docs/reference/access-authn-authz/authentication.md index 1ccf0331c698c..3af6e50d214ad 100644 --- a/content/en/docs/reference/access-authn-authz/authentication.md +++ b/content/en/docs/reference/access-authn-authz/authentication.md @@ -23,7 +23,7 @@ by Kubernetes, and normal users. Normal users are assumed to be managed by an outside, independent service. An admin distributing private keys, a user store like Keystone or Google Accounts, even a file with a list of usernames and passwords. In this regard, _Kubernetes -does not have objects which represent normal user accounts._ Regular users +does not have objects which represent normal user accounts._ Normal users cannot be added to a cluster through an API call. In contrast, service accounts are users managed by the Kubernetes API. They are @@ -400,12 +400,12 @@ kubectl --token=eyJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJodHRwczovL21sYi50cmVtb2xvLmxhbjo Webhook authentication is a hook for verifying bearer tokens. -* `--authentication-token-webhook-config-file` a kubeconfig file describing how to access the remote webhook service. +* `--authentication-token-webhook-config-file` a configuration file describing how to access the remote webhook service. * `--authentication-token-webhook-cache-ttl` how long to cache authentication decisions. Defaults to two minutes. The configuration file uses the [kubeconfig](/docs/concepts/cluster-administration/authenticate-across-clusters-kubeconfig/) -file format. Within the file `users` refers to the API server webhook and -`clusters` refers to the remote service. An example would be: +file format. Within the file, `clusters` refers to the remote service and +`users` refers to the API server webhook. An example would be: ```yaml # clusters refers to the remote service.