Update content/en/docs/reference/access-authn-authz/service-accounts-admin.md

dprotaso · Tim Bannister · web-flow · commit f023295351c1 · 2023-05-23T13:16:26.000-04:00
Co-authored-by: Tim Bannister &lt;tim@scalefactory.com&gt;
diff --git a/content/en/docs/reference/access-authn-authz/service-accounts-admin.md b/content/en/docs/reference/access-authn-authz/service-accounts-admin.md
@@ -98,8 +98,8 @@ each source also represents a single path within that volume. The three sources
 
 1. A `serviceAccountToken` source, that contains a token that the kubelet acquires from kube-apiserver.
    The kubelet fetches time-bound tokens using the TokenRequest API. A token served for a TokenRequest expires
-   either when the pod is deleted or after a defined lifespan (by default, that is 1 hour). The token
-   will be refreshed by the kubelet prior to expiry.
+   either when the pod is deleted or after a defined lifespan (by default, that is 1 hour).
+   The kubelet also refreshes that token before the token expires.
    The token is bound to the specific Pod and has the kube-apiserver as its audience.
    This mechanism superseded an earlier mechanism that added a volume based on a Secret,
    where the Secret represented the ServiceAccount for the Pod, but did not expire.
