From ac1df4d6a9d3175b4cf42c21cb98eedd60822657 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20=C5=A0=C3=B2d=C3=A9k=C3=A9?=
 <sodekeolubemigam@gmail.com>
Date: Thu, 2 Sep 2021 09:01:34 -0700
Subject: [PATCH 1/3] Updated `## Persist the todo data` section (#13434)

* Updated `## Persist the todo data` section

I provided a 3-step procedure from lines 81 to 102 on how to access the container's shell environment, since It was unclear how to access the `/etc/todos` directory. Also, nowhere, in the tutorial, was it mentioned that containers are *self-contained shell environments*. This information is crucial for beginners following along with the tutorial.

Take care.

* Second update

This update was due to a suggestion provided by @thaJeztah .
---
 get-started/05_persisting_data.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/get-started/05_persisting_data.md b/get-started/05_persisting_data.md
index 98638037b8..c0297c7592 100644
--- a/get-started/05_persisting_data.md
+++ b/get-started/05_persisting_data.md
@@ -76,7 +76,7 @@ There are two main types of volumes. We will eventually use both, but we will st
 ## Persist the todo data
 
 By default, the todo app stores its data in a [SQLite Database](https://www.sqlite.org/index.html){:target="_blank" rel="noopener" class="_"} at
-`/etc/todos/todo.db`. If you're not familiar with SQLite, no worries! It's simply a relational database in 
+`/etc/todos/todo.db` in the container's filesystem. If you're not familiar with SQLite, no worries! It's simply a relational database in 
 which all of the data is stored in a single file. While this isn't the best for large-scale applications,
 it works for small demos. We'll talk about switching this to a different database engine later.
 

From 017a22c25ba9a8e99cd4532b2597b0707f5cce9b Mon Sep 17 00:00:00 2001
From: Sebastiaan van Stijn <github@gone.nl>
Date: Thu, 2 Sep 2021 23:00:03 +0200
Subject: [PATCH 2/3] Revert "Add redirect URL for service account"

This reverts commit f25bdd26a2c195af95fb9e1ddad7a4993f08961a.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
---
 docker-hub/access-tokens.md | 2 --
 1 file changed, 2 deletions(-)

diff --git a/docker-hub/access-tokens.md b/docker-hub/access-tokens.md
index 10e0401faf..584fdae340 100644
--- a/docker-hub/access-tokens.md
+++ b/docker-hub/access-tokens.md
@@ -2,8 +2,6 @@
 title: Managing access tokens
 description: Learn how to create and manage your personal Docker Hub access tokens to securely push and pull images programmatically.
 keywords: docker hub, hub, security, PAT, personal access token
-redirect_from:
-- /docker-hub/service-accounts/
 ---
 
 Docker Hub lets you create personal access tokens as alternatives to your password. You can use tokens to access Hub images from the Docker CLI.

From 9abe0b6ae1a771cd52e181be24a8863bbb47c15b Mon Sep 17 00:00:00 2001
From: Sebastiaan van Stijn <github@gone.nl>
Date: Thu, 2 Sep 2021 23:00:07 +0200
Subject: [PATCH 3/3] Revert "Remove info on service accounts"

This reverts commit 41f9a7b03ebbf8dbdff4cd2009296c4c10a8b5a8.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
---
 _data/toc.yaml                 |  2 ++
 docker-hub/service-accounts.md | 55 ++++++++++++++++++++++++++++++++++
 registry/recipes/mirror.md     |  4 +++
 3 files changed, 61 insertions(+)
 create mode 100644 docker-hub/service-accounts.md

diff --git a/_data/toc.yaml b/_data/toc.yaml
index d01cd9dec2..8441b80b16 100644
--- a/_data/toc.yaml
+++ b/_data/toc.yaml
@@ -1348,6 +1348,8 @@ manuals:
     title: Docker ID accounts
   - path: /docker-hub/repos/
     title: Repositories
+  - path: /docker-hub/service-accounts/
+    title: Service accounts
   - path: /docker-hub/official_images/
     title: Docker Official images
   - sectiontitle: Automated builds
diff --git a/docker-hub/service-accounts.md b/docker-hub/service-accounts.md
new file mode 100644
index 0000000000..156165d2a1
--- /dev/null
+++ b/docker-hub/service-accounts.md
@@ -0,0 +1,55 @@
+---
+description: Docker Service accounts
+keywords: Docker, service, accounts, Docker Hub
+title: Service accounts
+---
+
+A service account is a Docker ID used for automated management of container images or containerized applications. Service accounts are typically used in automated workflows, and do not share Docker IDs with the members in the Team plan. Common use cases for service accounts include mirroring content on Docker Hub, or tying in image pulls from your CI/CD process.
+
+> **Note**
+>
+> Service accounts included with the Team plan are limited to 5,000 pulls per day. If you require a higher number of pulls, you can purchase an Enhanced Service Account add-on.
+
+## Enhanced Service Account add-on pricing
+
+Refer to the following table for details on the Enhanced Service Account add-on pricing:
+
+| Tier | Pull Rates Per Day* | Annual Fee |
+| ------ | ------ | ------ |
+| 1 | 5,000-10,000 | $9,950/yr |
+| 2 | 10,000-25,000 | $17,950/yr |
+| 3 | 25,000-50,000 | $32,950/yr |
+| 4 | 50,000-100,000 | $58,950/yr |
+| 5 | 100,000+ | [Contact Sales](https://www.docker.com/pricing/questions){:target="_blank" rel="noopener" class="_"} |
+
+<sub>*Once the initial Tier is established, that is the minimum fee for the year.  Annual commitment required.  The service account may exceed Pulls by up to 25% for up to 20 days during the year without incurring additional fees.  Reports on consumption will be provided upon request.  At the end of the initial 1-year term, the appropriate Tier will be established for the following year.<sub>
+
+## How a pull is defined
+
+- A pull request is defined as up to two `GET` requests on registry manifest URLs (`/v2/*/manifests/*`).
+- A normal image pull makes a single manifest request.
+- A pull request for a multi-arch image makes two manifest requests.
+- `HEAD` requests are not counted.
+- Limits are applied based on the user doing the pull, and not based on the image being pulled or its owner.
+
+## Creating a new service account
+
+To create a new service account for your Team account:
+
+1. Create a new Docker ID.
+2. Create a [team](orgs.md#create-a-team) in your organization and grant it read-only access to your private repositories.
+3. Add the new Docker ID to your [organization](orgs.md#working-with-organizations).
+4. Add the new Docker ID  to the [team](orgs.md#add-a-member-to-a-team) you created earlier.
+5. Create a new [personal access token (PAT)](/access-tokens.md) from the user account and use it for CI.
+
+> **Note**
+>
+> If you want a read-only PAT just for your open-source repos, or to access
+official images and other public images, you do not have to grant any access permissions to the new Docker ID.
+
+## Additional information
+
+Refer to the following topics for additional information:
+
+- [Mirroring Docker Hub](../registry/recipes/mirror.md)
+- [Resource Consumption Updates FAQ](https://www.docker.com/pricing/resource-consumption-updates){:target="_blank" rel="noopener" class="_"}
diff --git a/registry/recipes/mirror.md b/registry/recipes/mirror.md
index 800d0a8e89..fdfbc58d52 100644
--- a/registry/recipes/mirror.md
+++ b/registry/recipes/mirror.md
@@ -76,6 +76,10 @@ Multiple registry caches can be deployed over the same back-end. A single
 registry cache ensures that concurrent requests do not pull duplicate data,
 but this property does not hold true for a registry cache cluster.
 
+> **Note**
+>
+> Service accounts included in the Team plan are limited to 5,000 pulls per day. See [Service Accounts](/docker-hub/service-accounts/) for more details.
+
 ### Configure the cache
 
 To configure a Registry to run as a pull through cache, the addition of a