mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-23 19:56:01 +00:00
Merge pull request #21293 from liggitt/sa-namespace-docs
Auto commit by PR queue bot
This commit is contained in:
commit
90a7ac4aa1
@ -170,6 +170,13 @@ is associated with a service account, and a credential (token) for that
|
|||||||
service account is placed into the filesystem tree of each container in that pod,
|
service account is placed into the filesystem tree of each container in that pod,
|
||||||
at `/var/run/secrets/kubernetes.io/serviceaccount/token`.
|
at `/var/run/secrets/kubernetes.io/serviceaccount/token`.
|
||||||
|
|
||||||
|
If available, a certificate bundle is placed into the filesystem tree of each
|
||||||
|
container at `/var/run/secrets/kubernetes.io/serviceaccount/ca.crt`, and should be
|
||||||
|
used to verify the serving certificate of the apiserver.
|
||||||
|
|
||||||
|
Finally, the default namespace to be used for namespaced API operations is placed in a file
|
||||||
|
at `/var/run/secrets/kubernetes.io/serviceaccount/namespace` in each container.
|
||||||
|
|
||||||
From within a pod the recommended ways to connect to API are:
|
From within a pod the recommended ways to connect to API are:
|
||||||
- run a kubectl proxy as one of the containers in the pod, or as a background
|
- run a kubectl proxy as one of the containers in the pod, or as a background
|
||||||
process within a container. This proxies the
|
process within a container. This proxies the
|
||||||
|
@ -156,7 +156,8 @@ Type: kubernetes.io/service-account-token
|
|||||||
Data
|
Data
|
||||||
====
|
====
|
||||||
ca.crt: 1220 bytes
|
ca.crt: 1220 bytes
|
||||||
token:
|
token: ...
|
||||||
|
namespace: 7 bytes
|
||||||
```
|
```
|
||||||
|
|
||||||
> Note that the content of `token` is elided here.
|
> Note that the content of `token` is elided here.
|
||||||
|
Loading…
Reference in New Issue
Block a user