Skip to content

Commit

Permalink
Trivial: Make the authentication doc consistent (#9472)
Browse files Browse the repository at this point in the history 
On the content, user categories are defined as service account and
normal user. However regular user is written at one place instead
of normal user. This replaces the regular user with normal user
for the consistency.

The option --authentication-token-webhook-config-file is for specifying
the configuration file which uses the kubeconfig file format, so this
replaces kubeconfig with configuration for avoiding confusions.

The last change is updating the order of 'clusters' and 'users' for
fitting the following example to read easily.
  • Loading branch information
@k8s-ci-robot
Ken'ichi Ohmichi authored and k8s-ci-robot committed Jul 18, 2018
1 parent c0af4f7 commit 76b7f9c
Showing 1 changed file with 4 additions and 4 deletions.
8 changes: 4 additions & 4 deletions content/en/docs/reference/access-authn-authz/authentication.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ by Kubernetes, and normal users.
Normal users are assumed to be managed by an outside, independent service. An
admin distributing private keys, a user store like Keystone or Google Accounts,
even a file with a list of usernames and passwords. In this regard, _Kubernetes
does not have objects which represent normal user accounts._ Regular users
does not have objects which represent normal user accounts._ Normal users
cannot be added to a cluster through an API call.

In contrast, service accounts are users managed by the Kubernetes API. They are
Expand Down Expand Up @@ -400,12 +400,12 @@ kubectl --token=eyJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJodHRwczovL21sYi50cmVtb2xvLmxhbjo

Webhook authentication is a hook for verifying bearer tokens.

* `--authentication-token-webhook-config-file` a kubeconfig file describing how to access the remote webhook service.
* `--authentication-token-webhook-config-file` a configuration file describing how to access the remote webhook service.
* `--authentication-token-webhook-cache-ttl` how long to cache authentication decisions. Defaults to two minutes.

The configuration file uses the [kubeconfig](/docs/concepts/cluster-administration/authenticate-across-clusters-kubeconfig/)
file format. Within the file `users` refers to the API server webhook and
`clusters` refers to the remote service. An example would be:
file format. Within the file, `clusters` refers to the remote service and
`users` refers to the API server webhook. An example would be:

```yaml
# clusters refers to the remote service.
Expand Down

0 comments on commit 76b7f9c

Please sign in to comment.