Merge pull request #1760 from aileenjackson/patch-2

Add procedure to specify docker pull secret for embedded workflow

Author: Fryguy

managing_providers/_topics/embedded_workflows.md

@@ -38,7 +38,7 @@ In addition to the *Embedded Workflows* UI, **Embedded Workflows** can also be u
 
 * Service Catalog Items
 
-   The provisioning, reconfigure, and retirement entry points include the option for using **Embedded Workflows** or **Embedded Automate**.  You can set the point field to the workflow that you want to use for any, or all, of the three service entry points.
+   The provisioning, reconfigure, and retirement entry points include the option for using **Embedded Workflows** or **Embedded Automate**. You can set the point field to the workflow that you want to use for any, or all, of the three service entry points.
 
    ![Entry Points options](../../images/embedworkflow_entrypointsembedded.png)
 
@@ -169,21 +169,23 @@ Workflows must be authored in Amazon State Languages (ASL) format. As part of au
 
    When you have the code for your task resource written, you need to bundle it into a docker image. You can bundle the code by creating a standard [Dockerfile](https://docs.docker.com/engine/reference/builder/) and building the image (https://docs.docker.com/engine/reference/commandline/build/). Then, you can push the image to a [registry](https://docs.docker.com/engine/reference/commandline/push/), which makes the image available to be used by {{ site.data.product.title_short }}. When you have pushed your images to an image registry, you can add the registry to {{ site.data.product.title_short }}.
 
-  a) On appliances, `podman` is used to execute the container
+   * On appliances, `podman` is used to execute the container
+
      On appliances, `podman` is used to execute the container so use [podman login](https://docs.podman.io/en/stable/markdown/podman-login.1.html) as the `manageiq` user.
 
-     ```
+     ```text
      # su manageiq
      $ podman login docker.io
      Username:
      Password:
      Login Succeeded!
      ```
 
-   You are recommended to use a docker.io [access token](https://docs.docker.com/security/for-developers/access-tokens/) so that the token does not expire.
+      You are recommended to use a docker.io [access token](https://docs.docker.com/security/for-developers/access-tokens/) so that the token does not expire.
+
+   * Provide an image pull secret to a podified Kubernetes container, and then add it to a service account
 
-   b) Provide an image pull secret to a podified Kubernetes container, and then add it to a service account
-     In order to pull an image from a private registry you have to provide an `ImagePullSecret` to your containers, see [Pull an Image from a Private Registry](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/).  {{ site.data.product.title_short }} uses a service account called `manageiq-default` to run containers for your workflows.  You can add an `ImagePullSecret` to this service account by following [Add Image Pull Secrets to a service account](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account/).
+     In order to pull an image from a private registry you have to provide an `ImagePullSecret` to your containers, see [Pull an Image from a Private Registry](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/). {{ site.data.product.title_short }} uses a service account called {{ site.data.product.workflow_service_account }} to run containers for your workflows. You can add an `ImagePullSecret` to this service account by following [Add Image Pull Secrets to a service account](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account/).
 
 #### Example: Provisioning Workflow