mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-23 19:56:01 +00:00
Docs for service account token namespace
This commit is contained in:
parent
f366baeaeb
commit
f1da2a92ab
@ -170,6 +170,13 @@ is associated with a service account, and a credential (token) for that
|
||||
service account is placed into the filesystem tree of each container in that pod,
|
||||
at `/var/run/secrets/kubernetes.io/serviceaccount/token`.
|
||||
|
||||
If available, a certificate bundle is placed into the filesystem tree of each
|
||||
container at `/var/run/secrets/kubernetes.io/serviceaccount/ca.crt`, and should be
|
||||
used to verify the serving certificate of the apiserver.
|
||||
|
||||
Finally, the default namespace to be used for namespaced API operations is placed in a file
|
||||
at `/var/run/secrets/kubernetes.io/serviceaccount/namespace` in each container.
|
||||
|
||||
From within a pod the recommended ways to connect to API are:
|
||||
- run a kubectl proxy as one of the containers in the pod, or as a background
|
||||
process within a container. This proxies the
|
||||
|
@ -156,7 +156,8 @@ Type: kubernetes.io/service-account-token
|
||||
Data
|
||||
====
|
||||
ca.crt: 1220 bytes
|
||||
token:
|
||||
token: ...
|
||||
namespace: 7 bytes
|
||||
```
|
||||
|
||||
> Note that the content of `token` is elided here.
|
||||
|
Loading…
Reference in New Issue
Block a user