Skip to content

Commit c2c438d

Browse files
authored
Merge pull request #39097 from Zhuzhenghao/service-accounts-admin
[zh] Resync service-accounts-admin.md
2 parents d797432 + 23f61e8 commit c2c438d

File tree

1 file changed

+7
-7
lines changed

1 file changed

+7
-7
lines changed

content/zh-cn/docs/reference/access-authn-authz/service-accounts-admin.md

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -160,7 +160,7 @@ each source also represents a single path within that volume. The three sources
160160
1. A `configMap` source. The ConfigMap contains a bundle of certificate authority data. Pods can use these
161161
certificates to make sure that they are connecting to your cluster's kube-apiserver (and not to middlebox
162162
or an accidentally misconfigured peer).
163-
1. A `downwardAPI` source that looks up the name of thhe namespace containing the Pod, and makes
163+
1. A `downwardAPI` source that looks up the name of the namespace containing the Pod, and makes
164164
that name information available to application code running inside the Pod.
165165
-->
166166
该清单片段定义了由三个数据源组成的投射卷。在当前场景中,每个数据源也代表该卷内的一条独立路径。这三个数据源是:
@@ -315,7 +315,7 @@ it does the following when a Pod is created:
315315
`/var/run/secrets/kubernetes.io/serviceaccount`.
316316
For Linux containers, that volume is mounted at `/var/run/secrets/kubernetes.io/serviceaccount`;
317317
on Windows nodes, the mount is at the equivalent path.
318-
1. If the spec of the incoming Pod does already contain any `imagePullSecrets`, then the
318+
1. If the spec of the incoming Pod doesn't already contain any `imagePullSecrets`, then the
319319
admission controller adds `imagePullSecrets`, copying them from the `ServiceAccount`.
320320
-->
321321
3. 如果服务账号的 `automountServiceAccountToken` 字段或 Pod 的
@@ -326,7 +326,7 @@ it does the following when a Pod is created:
326326
忽略已为 `/var/run/secrets/kubernetes.io/serviceaccount` 路径定义的卷挂载的所有容器。
327327
对于 Linux 容器,此卷挂载在 `/var/run/secrets/kubernetes.io/serviceaccount`;
328328
在 Windows 节点上,此卷挂载在等价的路径上。
329-
4. 如果新来 Pod 的规约已包含任何 `imagePullSecrets`,则准入控制器添加 `imagePullSecrets`,
329+
4. 如果新来 Pod 的规约不包含任何 `imagePullSecrets`,则准入控制器添加 `imagePullSecrets`,
330330
并从 `ServiceAccount` 进行复制。
331331

332332
### TokenRequest API
@@ -392,14 +392,14 @@ kubelet 确保该卷包含允许容器作为正确 ServiceAccount 进行身份
392392
<!--
393393
That manifest snippet defines a projected volume that combines information from three sources:
394394

395-
1. A `serviceAccountToken` source, that contains a token that the kubelet acquires from kube-apiserver
395+
1. A `serviceAccountToken` source, that contains a token that the kubelet acquires from kube-apiserver.
396396
The kubelet fetches time-bound tokens using the TokenRequest API. A token served for a TokenRequest expires
397397
either when the pod is deleted or after a defined lifespan (by default, that is 1 hour).
398398
The token is bound to the specific Pod and has the kube-apiserver as its audience.
399399
1. A `configMap` source. The ConfigMap contains a bundle of certificate authority data. Pods can use these
400400
certificates to make sure that they are connecting to your cluster's kube-apiserver (and not to middlebox
401401
or an accidentally misconfigured peer).
402-
1. A `downwardAPI` source. This `downwardAPI` volume makes the name of the namespace container the Pod available
402+
1. A `downwardAPI` source. This `downwardAPI` volume makes the name of the namespace containing the Pod available
403403
to application code running inside the Pod.
404404
-->
405405
该清单片段定义了由三个数据源信息组成的投射卷。
@@ -536,7 +536,7 @@ metadata:
536536
selfLink: /api/v1/namespaces/examplens/serviceaccounts/example-automated-thing
537537
uid: f23fd170-66f2-4697-b049-e1e266b7f835
538538
secrets:
539-
- name: example-automated-thing-token-zyxwv
539+
- name: example-automated-thing-token-zyxwv
540540
```
541541
542542
<!--
@@ -572,7 +572,7 @@ metadata:
572572
selfLink: /api/v1/namespaces/examplens/serviceaccounts/example-automated-thing
573573
uid: f23fd170-66f2-4697-b049-e1e266b7f835
574574
secrets:
575-
- name: example-automated-thing-token-4rdrh
575+
- name: example-automated-thing-token-4rdrh
576576
```
577577
578578
<!--

0 commit comments

Comments
 (0)