spiffe · azdagron · Sep 30, 2022 · Sep 30, 2022 · Sep 30, 2022
@@ -21,7 +21,7 @@ The main configuration accepts the following values:
 | `cluster`       | Name of the cluster. It must correspond to a cluster configured in the server plugin. |
 | `token_path`      | Path to the service account token on disk | "/var/run/secrets/kubernetes.io/serviceaccount/token" |
 
-The token path defaults to the default location kubernetes uses to place the token and should not need to be overridden in most cases.
+The token path defaults to the default location Kubernetes uses to place the token and should not need to be overridden in most cases.
 
 A sample configuration with the default token path:
 

@@ -31,7 +31,7 @@ Each cluster in the main configuration requires the following configuration:
 | `allowed_node_label_keys` | Node label keys considered for selectors | |
 | `allowed_pod_label_keys` | Pod label keys considered for selectors | |
 
-A sample configuration for SPIRE server running inside of a kubernetes cluster:
+A sample configuration for SPIRE server running inside of a Kubernetes cluster:
 
 ```
     NodeAttestor "k8s_psat" {
@@ -44,7 +44,7 @@ A sample configuration for SPIRE server running inside of a kubernetes cluster:
     }
 ```
 
-A sample configuration for SPIRE server running outside of a kubernetes cluster:
+A sample configuration for SPIRE server running outside of a Kubernetes cluster:
 
 ```
     NodeAttestor "k8s_psat" {

@@ -34,7 +34,7 @@ Each cluster in the main configuration requires the following configuration:
 | `service_account_allow_list` | A list of service account names, qualified by namespace (for example, "default:blog" or "production:web") to allow for node attestation. Attestation will be rejected for tokens bound to service accounts that aren't in the allow list. | |
 | `use_token_review_api_validation` | Specifies how the service account token is validated. If false, validation is done locally using the provided key. If true, validation is done using token review API.  | false |
 | `service_account_key_file` | It is only used if `use_token_review_api_validation` is set to `false`. Path on disk to a PEM encoded file containing public keys used in validating tokens for that cluster. RSA and ECDSA keys are supported. For RSA, X509 certificates, PKCS1, and PKIX encoded public keys are accepted. For ECDSA, X509 certificates, and PKIX encoded public keys are accepted. | |
-| `kube_config_file` | It is only used if `use_token_review_api_validation` is set to `true`. Path to a k8s configuration file for API Server authentication. A kubernetes configuration file must be specified if SPIRE server runs outside of the k8s cluster. If empty, SPIRE server is assumed to be running inside the cluster and in-cluster configuration is used. | "" |
+| `kube_config_file` | It is only used if `use_token_review_api_validation` is set to `true`. Path to a k8s configuration file for API Server authentication. A Kubernetes configuration file must be specified if SPIRE server runs outside of the k8s cluster. If empty, SPIRE server is assumed to be running inside the cluster and in-cluster configuration is used. | "" |
 
 
 A sample configuration for SPIRE server running inside or outside of a Kubernetes cluster and validating the service account token with a key file located at `"/run/k8s-certs/sa.pub"`:

@@ -413,7 +413,7 @@ func getKubeConfig(configPath string) (*rest.Config, error) {
 	return rest.InClusterConfig()
 }
 
-// kubeClient encapsulates the Kubenetes API for config maps, validating webhooks, and mutating webhooks
+// kubeClient encapsulates the Kubernetes API for config maps, validating webhooks, and mutating webhooks
 type informerCallback func(kubeClient, runtime.Object)
 
 type kubeClient interface {
@@ -424,7 +424,7 @@ type kubeClient interface {
 	Informer(callback informerCallback) cache.SharedIndexInformer
 }
 
-// configMapClient encapsulates the Kubenetes API for updating the CA Bundle in a config map
+// configMapClient encapsulates the Kubernetes API for updating the CA Bundle in a config map
 type configMapClient struct {
 	*kubernetes.Clientset
 	namespace    string

@@ -21,7 +21,7 @@ type ConditionStatus string
 
 // These are valid condition statuses. "ConditionTrue" means a resource is in
 // the condition; "ConditionFalse" means a resource is not in the condition;
-// "ConditionUnknown" means kubernetes can't decide if a resource is in the
+// "ConditionUnknown" means Kubernetes can't decide if a resource is in the
 // condition or not. In the future, we could add other intermediate
 // conditions, e.g. ConditionDegraded.
 const (

@@ -1,7 +1,7 @@
 # SPIRE Kubernetes Workload Registrar (CRD Mode)
 
-The CRD mode of the SPIRE Kubernetes Workload Registrar uses a Kuberntes Custom Resource Definition (CRD) to integrate SPIRE and Kubernetes.
-This enables auto and manual generation of SPIFFE IDs from with Kubenretes and the `kubectl` CLI.
+The CRD mode of the SPIRE Kubernetes Workload Registrar uses a Kubernetes Custom Resource Definition (CRD) to integrate SPIRE and Kubernetes.
+This enables auto and manual generation of SPIFFE IDs from with Kubernetes and the `kubectl` CLI.
 
 ## Benefits of CRD Kubernetes Workload Registrar