From 8a479c01e8ab733964bb8b52749f0ddd9aab8aa6 Mon Sep 17 00:00:00 2001 From: ydFu Date: Tue, 5 Jan 2021 17:19:12 +0800 Subject: [PATCH] Add Code blocks in configure-service-account.md * Add Code blocks in the Markdown spec to make it easy to read. * Uniform case and adjustment description for smoother writing. Signed-off-by: ydFu --- .../configure-service-account.md | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/content/en/docs/tasks/configure-pod-container/configure-service-account.md b/content/en/docs/tasks/configure-pod-container/configure-service-account.md index 4cd5eaa905dc3..ca3d0b2966f50 100644 --- a/content/en/docs/tasks/configure-pod-container/configure-service-account.md +++ b/content/en/docs/tasks/configure-pod-container/configure-service-account.md @@ -82,6 +82,7 @@ You can list this and any other serviceAccount resources in the namespace with t ```shell kubectl get serviceaccounts ``` + The output is similar to this: ``` @@ -108,9 +109,10 @@ If you get a complete dump of the service account object, like this: ```shell kubectl get serviceaccounts/build-robot -o yaml ``` + The output is similar to this: -``` +```yaml apiVersion: v1 kind: ServiceAccount metadata: @@ -164,6 +166,7 @@ Any tokens for non-existent service accounts will be cleaned up by the token con ```shell kubectl describe secrets/build-robot-secret ``` + The output is similar to this: ``` @@ -227,7 +230,7 @@ kubectl get serviceaccounts default -o yaml > ./sa.yaml The output of the `sa.yaml` file is similar to this: -```shell +```yaml apiVersion: v1 kind: ServiceAccount metadata: @@ -244,7 +247,7 @@ Using your editor of choice (for example `vi`), open the `sa.yaml` file, delete The output of the `sa.yaml` file is similar to this: -```shell +```yaml apiVersion: v1 kind: ServiceAccount metadata: @@ -319,7 +322,8 @@ kubectl create -f https://k8s.io/examples/pods/pod-projected-svc-token.yaml ``` The kubelet will request and store the token on behalf of the pod, make the -token available to the pod at a configurable file path, and refresh the token as it approaches expiration. Kubelet proactively rotates the token if it is older than 80% of its total TTL, or if the token is older than 24 hours. +token available to the pod at a configurable file path, and refresh the token as it approaches expiration. +The kubelet proactively rotates the token if it is older than 80% of its total TTL, or if the token is older than 24 hours. The application is responsible for reloading the token when it rotates. Periodic reloading (e.g. once every 5 minutes) is sufficient for most use cases. @@ -380,7 +384,6 @@ JWKS URI is required to use the `https` scheme. ## {{% heading "whatsnext" %}} - See also: - [Cluster Admin Guide to Service Accounts](/docs/reference/access-authn-authz/service-accounts-admin/)