Merge pull request #3475 from bfallonf/secrets_1411421

Bug 1411421 added information on linking pods to serviceaccounts

dev_guide/builds.adoc

@@ -947,6 +947,14 @@ source secrets used. Access is granted with the following command:
 $ oc secrets link builder mysecret
 ----
 
+[NOTE]
+====
+Limiting secrets to only the service accounts that reference them is disabled by
+default. This means that if `serviceAccountConfig.limitSecretReferences` is set
+to `false` (the default setting) in the master configuration file, linking
+secrets to a service is not required.
+====
+
 [[automatic-addition-of-a-source-secret-to-a-build-configuration]]
 ===== Automatic Addition of a Source Secret to a Build Configuration
 

dev_guide/service_accounts.adoc

@@ -170,6 +170,17 @@ To allow a secret to be mounted by a service account's pods, run:
 $ oc secrets link --for=mount <serviceaccount-name> <secret-name>
 ----
 
+[NOTE]
+====
+Limiting secrets to only the service accounts that reference them is disabled by
+default. This means that if `serviceAccountConfig.limitSecretReferences` is set
+to `false` (the default setting) in the master configuration file, mounting
+secrets to a service account's pods with the `--for=mount` option is not
+required. However, using the `--for=pull` option to enable using an image pull
+secret is required, regardless of the
+`serviceAccountConfig.limitSecretReferences` value.
+====
+
 This example creates and adds secrets to a service account:
 
 ====

install_config/registry/securing_and_exposing_registry.adoc

@@ -76,6 +76,14 @@ $ oc secrets link registry registry-secret
 $ oc secrets link default  registry-secret
 ----
 +
+[NOTE]
+====
+Limiting secrets to only the service accounts that reference them is disabled by
+default. This means that if `serviceAccountConfig.limitSecretReferences` is set
+to `false` (the default setting) in the master configuration file, linking
+secrets to a service is not required.
+====
++
 . Add the secret volume to the registry deployment configuration:
 +
 ----