github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-29 06:27:05 +00:00
Code Issues Projects Releases Wiki Activity

Docs for service account token namespace

Browse Source
This commit is contained in:
Jordan Liggitt 2016-02-11 19:57:19 -05:00
parent f366baeaeb
commit f1da2a92ab
2 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
docs/user-guide/accessing-the-cluster.md
View File

@ -170,6 +170,13 @@ is associated with a service account, and a credential (token) for that
service account is placed into the filesystem tree of each container in that pod, service account is placed into the filesystem tree of each container in that pod,
at `/var/run/secrets/kubernetes.io/serviceaccount/token`. at `/var/run/secrets/kubernetes.io/serviceaccount/token`.
If available, a certificate bundle is placed into the filesystem tree of each
container at `/var/run/secrets/kubernetes.io/serviceaccount/ca.crt`, and should be
used to verify the serving certificate of the apiserver.
Finally, the default namespace to be used for namespaced API operations is placed in a file
at `/var/run/secrets/kubernetes.io/serviceaccount/namespace` in each container.
From within a pod the recommended ways to connect to API are: From within a pod the recommended ways to connect to API are:
- run a kubectl proxy as one of the containers in the pod, or as a background - run a kubectl proxy as one of the containers in the pod, or as a background
process within a container. This proxies the process within a container. This proxies the

3
docs/user-guide/service-accounts.md
View File

@ -156,7 +156,8 @@ Type: kubernetes.io/service-account-token
Data Data
==== ====
ca.crt: 1220 bytes ca.crt: 1220 bytes
token: token: ...
namespace: 7 bytes
``` ```
> Note that the content of `token` is elided here. > Note that the content of `token` is elided here.