Merge pull request #21293 from liggitt/sa-namespace-docs

Auto commit by PR queue bot
This commit is contained in:
k8s-merge-robot 2016-02-16 01:21:57 -08:00
commit 90a7ac4aa1
2 changed files with 9 additions and 1 deletions

View File

@ -170,6 +170,13 @@ is associated with a service account, and a credential (token) for that
service account is placed into the filesystem tree of each container in that pod, service account is placed into the filesystem tree of each container in that pod,
at `/var/run/secrets/kubernetes.io/serviceaccount/token`. at `/var/run/secrets/kubernetes.io/serviceaccount/token`.
If available, a certificate bundle is placed into the filesystem tree of each
container at `/var/run/secrets/kubernetes.io/serviceaccount/ca.crt`, and should be
used to verify the serving certificate of the apiserver.
Finally, the default namespace to be used for namespaced API operations is placed in a file
at `/var/run/secrets/kubernetes.io/serviceaccount/namespace` in each container.
From within a pod the recommended ways to connect to API are: From within a pod the recommended ways to connect to API are:
- run a kubectl proxy as one of the containers in the pod, or as a background - run a kubectl proxy as one of the containers in the pod, or as a background
process within a container. This proxies the process within a container. This proxies the

View File

@ -156,7 +156,8 @@ Type: kubernetes.io/service-account-token
Data Data
==== ====
ca.crt: 1220 bytes ca.crt: 1220 bytes
token: token: ...
namespace: 7 bytes
``` ```
> Note that the content of `token` is elided here. > Note that the content of `token` is elided here.