Merge pull request #29476 from liggitt/podsecurity-audit-annotations

k8s-ci-robot · web-flow · commit dd2f06f64a3c · 2021-08-19T08:59:24.000-07:00
Clarify audit annotation destination
diff --git a/content/en/docs/concepts/security/pod-security-admission.md b/content/en/docs/concepts/security/pod-security-admission.md
@@ -62,9 +62,9 @@ takes if a potential violation is detected:
 {{< table caption="Pod Security Admission modes" >}}
 Mode | Description
 :---------|:------------
-**`enforce`** | Policy violations will cause the pod to be rejected.
-**`audit`** | Policy violations will trigger the addition of an audit annotation, but are otherwise allowed.
-**`warn`** | Policy violations will trigger a user-facing warning, but are otherwise allowed.
+**enforce** | Policy violations will cause the pod to be rejected.
+**audit** | Policy violations will trigger the addition of an audit annotation to the event recorded in the [audit log](/docs/tasks/debug-application-cluster/audit/), but are otherwise allowed.
+**warn** | Policy violations will trigger a user-facing warning, but are otherwise allowed.
 {{< /table >}}
 
 A namespace can configure any or all modes, or even set a different level for different modes.
