Skip to content

Commit

Permalink
Merge pull request kubernetes#28570 from zshihang/main
Browse files Browse the repository at this point in the history
update doc for BoundServiceAccountTokenVolume ga
  • Loading branch information
k8s-ci-robot authored Jun 24, 2021
2 parents e53208d + 3a9b198 commit 369169d
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 9 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -62,10 +62,9 @@ It acts synchronously to modify pods as they are created or updated. When this p

#### Bound Service Account Token Volume

{{< feature-state for_k8s_version="v1.21" state="beta" >}}
{{< feature-state for_k8s_version="v1.22" state="stable" >}}

When the `BoundServiceAccountTokenVolume` [feature gate](/docs/reference/command-line-tools-reference/feature-gates/) is enabled, the service account admission controller will
add the following projected volume instead of a Secret-based volume for the non-expiring service account token created by Token Controller.
The ServiceAccount admission controller will add the following projected volume instead of a Secret-based volume for the non-expiring service account token created by Token Controller.

```yaml
- name: kube-api-access-<random-suffix>
Expand Down Expand Up @@ -96,10 +95,6 @@ This projected volume consists of three sources:

See more details about [projected volumes](/docs/tasks/configure-pod-container/configure-projected-volume-storage/).

You can manually migrate a Secret-based service account volume to a projected volume when
the `BoundServiceAccountTokenVolume` feature gate is not enabled by adding the above
projected volume to the pod spec.

### Token Controller

TokenController runs as part of `kube-controller-manager`. It acts asynchronously. It:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -59,8 +59,6 @@ different Kubernetes components.
| `AnyVolumeDataSource` | `false` | Alpha | 1.18 | |
| `AppArmor` | `true` | Beta | 1.4 | |
| `BalanceAttachedNodeVolumes` | `false` | Alpha | 1.11 | |
| `BoundServiceAccountTokenVolume` | `false` | Alpha | 1.13 | 1.20 |
| `BoundServiceAccountTokenVolume` | `true` | Beta | 1.21 | |
| `CPUManager` | `false` | Alpha | 1.8 | 1.9 |
| `CPUManager` | `true` | Beta | 1.10 | |
| `CSIInlineVolume` | `false` | Alpha | 1.15 | 1.15 |
Expand Down Expand Up @@ -202,6 +200,9 @@ different Kubernetes components.
| `BlockVolume` | `false` | Alpha | 1.9 | 1.12 |
| `BlockVolume` | `true` | Beta | 1.13 | 1.17 |
| `BlockVolume` | `true` | GA | 1.18 | - |
| `BoundServiceAccountTokenVolume` | `false` | Alpha | 1.13 | 1.20 |
| `BoundServiceAccountTokenVolume` | `true` | Beta | 1.21 | 1.22 |
| `BoundServiceAccountTokenVolume` | `true` | GA | 1.22 | - |
| `CRIContainerLogRotation` | `false` | Alpha | 1.10 | 1.10 |
| `CRIContainerLogRotation` | `true` | Beta | 1.11 | 1.20 |
| `CRIContainerLogRotation` | `true` | GA | 1.21 | - |
Expand Down

0 comments on commit 369169d

Please sign in to comment.