Merge pull request #21046 from divyabhushan/master

k8s-ci-robot · web-flow · commit 98851648a255 · 2020-05-21T12:22:14.000-07:00
Rendering issues on#service-account-permissions #21029
diff --git a/content/en/docs/reference/access-authn-authz/rbac.md b/content/en/docs/reference/access-authn-authz/rbac.md
@@ -1079,37 +1079,37 @@ In order from most secure to least secure, the approaches are:
 
 2. Grant a role to the "default" service account in a namespace
 
-    If an application does not specify a `serviceAccountName`, it uses the "default" service account.
+If an application does not specify a `serviceAccountName`, it uses the "default" service account.
 
-    {{< note >}}
-    Permissions given to the "default" service account are available to any pod
-    in the namespace that does not specify a `serviceAccountName`.
-    {{< /note >}}
+{{< note >}}
+Permissions given to the "default" service account are available to any pod
+in the namespace that does not specify a `serviceAccountName`.
+{{< /note >}}
 
-    For example, grant read-only permission within "my-namespace" to the "default" service account:
+For example, grant read-only permission within "my-namespace" to the "default" service account:
 
-    ```shell
-    kubectl create rolebinding default-view \
-      --clusterrole=view \
-      --serviceaccount=my-namespace:default \
-      --namespace=my-namespace
-    ```
+```shell
+kubectl create rolebinding default-view \
+  --clusterrole=view \
+  --serviceaccount=my-namespace:default \
+  --namespace=my-namespace
+```
 
-    Many [add-ons](/docs/concepts/cluster-administration/addons/) run as the
-    "default" service account in the `kube-system` namespace.
-    To allow those add-ons to run with super-user access, grant cluster-admin
-    permissions to the "default" service account in the `kube-system` namespace.
+Many [add-ons](/docs/concepts/cluster-administration/addons/) run as the
+"default" service account in the `kube-system` namespace.
+To allow those add-ons to run with super-user access, grant cluster-admin
+permissions to the "default" service account in the `kube-system` namespace.
 
-    {{< caution >}}
-    Enabling this means the `kube-system` namespace contains Secrets
-    that grant super-user access to your cluster's API.
-    {{< /caution >}}
+{{< caution >}}
+Enabling this means the `kube-system` namespace contains Secrets
+that grant super-user access to your cluster's API.
+{{< /caution >}}
 
-    ```shell
-    kubectl create clusterrolebinding add-on-cluster-admin \
-      --clusterrole=cluster-admin \
-      --serviceaccount=kube-system:default
-    ```
+```shell
+kubectl create clusterrolebinding add-on-cluster-admin \
+  --clusterrole=cluster-admin \
+  --serviceaccount=kube-system:default
+```
 
 3. Grant a role to all service accounts in a namespace
 
