Commit

OSDOCS#10143: Updating that SA API token secrets are no longer automatically generated
bergerhoffer committed Apr 25, 2024
1 parent 28db2f8 commit fbb6a15
Showing 1 changed file with 5 additions and 10 deletions.
15 changes: 5 additions & 10 deletions modules/service-account-auto-secret-removed.adoc
Expand Up @@ -7,23 +7,18 @@
[id="auto-generated-sa-token-secrets_{context}"]
= Automatically generated secrets

By default, {product-title} creates the following secrets for each service account:
By default, {product-title} creates a `kubernetes.io/dockercfg` secret for each service account.

* A dockercfg image pull secret
* A service account token secret
+
[NOTE]
====
Prior to {product-title} 4.11, a second service account token secret was generated when a service account was created. This service account token secret was used to access the Kubernetes API.
Prior to {product-title} 4.16, a long-lived service account API token secret was also generated for each service account that was created. Starting with {product-title} 4.16, this service account API token secret is no longer created.
Starting with {product-title} 4.11, this second service account token secret is no longer created. This is because the `LegacyServiceAccountTokenNoAutoGeneration` upstream Kubernetes feature gate was enabled, which stops the automatic generation of secret-based service account tokens to access the Kubernetes API.

After upgrading to {product-version}, any existing service account token secrets are not deleted and continue to function.
After upgrading to {product-version}, any existing long-lived service account API token secrets are not deleted and will continue to function. For information about detecting long-lived API tokens that are in use in your cluster or deleting them if they are not needed, see the Red Hat Knowledgebase article link:https://access.redhat.com/articles/7058801[Long-lived service account API tokens in OpenShift Container Platform].
====

This service account token secret and docker configuration image pull secret are necessary to integrate the {product-registry} into the cluster's user authentication and authorization system.
This docker configuration image pull secret is necessary to integrate the {product-registry} into the cluster's user authentication and authorization system.

However, if you do not enable the `ImageRegistry` capability or if you disable the integrated {product-registry} in the Cluster Image Registry Operator's configuration, these secrets are not generated for each service account.
However, if you do not enable the `ImageRegistry` capability or if you disable the integrated {product-registry} in the Cluster Image Registry Operator's configuration, a dockercfg secret is not generated for each service account.

[WARNING]
====
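
Review bot: In the NOTE block, the replacement text moves the cutoff from 4.11 to 4.16 without reconciling the two statements. The removed lines said that starting with 4.11 a "second service account token secret is no longer created" because of the `LegacyServiceAccountTokenNoAutoGeneration` feature gate, while the added line says that prior to 4.16 "a long-lived service account API token secret was also generated for each service account". A reader who saw the earlier wording cannot tell whether these are the same secret or different ones, which matters when auditing which long-lived credentials may still exist after an upgrade. Suggest adding one clause that states what changed at 4.11 versus 4.16, or confirming in the commit message that the 4.11 statement is dropped on purpose. Two smaller points: the added sentence "are not deleted and will continue to function" switches to future tense where the line it replaces used "continue to function", and the secret is named three ways across the added lines (`kubernetes.io/dockercfg` secret, "docker configuration image pull secret", "a dockercfg secret"); pick one term and use backticks consistently.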
