fix docs

docs/askpass-url.md

@@ -2,9 +2,9 @@
 
 ## Step 1: Create a GIT_ASKPASS HTTP Service
 
-The GIT ASKPASS Service expose via HTTP and provide the answer to GIT_ASKPASS.
+The GIT ASKPASS Service is exposed via HTTP and provide the answer to GIT_ASKPASS.
 
-Example of the servcie's output, see more at <https://git-scm.com/docs/gitcredentials>
+Example of the service's output, see more at <https://git-scm.com/docs/gitcredentials>
 
 ```json
 username=xxx@example.com
@@ -18,23 +18,19 @@ In your git-sync container configuration, specify the GIT_ASKPASS_URL
 The credentials will pass in plain text, make sure the connection between git-sync
 and GIT ASKPASS Service are secure.
 
-The recommended way is the ASKPASS Service running within the same pod as git-sync.
+The recommended situation are:
 
-See <https://github.com/cydu-cloud/git-askpass-gce-node> as a full example which use GCE Node Service Account credential to access Google Cloud Source Repo.
+* ASKPASS Service running within the same pod as git-sync.
+* ASKPASS Service rely on [GCE metadata](https://cloud.google.com/compute/docs/storing-retrieving-metadata) to get service account's credential to access Google Cloud Source Repo.
 
-```json
+See <https://github.com/cydu-cloud/git-askpass-gce-node> as a full example.
-{
+
-    name: "git-sync",
+```yaml
-    ...
+name: "git-sync"
-    env: [
+...
-        {
+env:
-            name: "GIT_SYNC_REPO",
+  - name: "GIT_SYNC_REPO",
     value: "https://source.developers.google.com/p/[GCP PROJECT ID]/r/[REPO NAME]"
-        }, {
+  - name: "GIT_ASKPASS_URL",
-            name: "GIT_ASKPASS_URL",
     value: "http://localhost:9102/git_askpass",
-        },
-    ...
-    ]
-}
 ```

docs/cookie-file.md

@@ -22,16 +22,12 @@ In your Pod or Deployment configuration, specify a Volume for mounting the
 cookie-file Secret. Make sure to set `secretName` to the same name you used to
 create the secret (`git-cookie-file` in the example above).
 
-```json
+```yaml
-volumes: [
+volumes:
-    {
+  - name: git-secret
-        "name": "git-secret",
+    secret:
-        "secret": {
+      secretName: git-cookie-file
-          "secretName": "git-cookie-file",
+      defaultMode: 0440
-        }
-    },
-    ...
-],
 ```
 
 ## Step 3: Configure git-sync container
@@ -42,26 +38,16 @@ environment variable `GIT_COOKIE_FILE` to "true", and to use a git repo
 (`--repo` flag or `GIT_SYNC_REPO` env) is set to use a URL with the HTTP
 protocol.
 
-```json
+```yaml
-{
+name: "git-sync"
-    name: "git-sync",
+...
-    ...
+env:
-    env: [
+  - name: GIT_SYNC_REPO
-        {
+    value: https://github.com/kubernetes/kubernetes.git
-            name: "GIT_SYNC_REPO",
+  - name: GIT_COOKIE_FILE
-            value: "https://github.com/kubernetes/kubernetes.git"
+    value: true
-        }, {
+volumeMounts:
-            name: "GIT_COOKIE_FILE",
+  - name: git-secret
-            value: "true",
+    mountPath: /etc/git-secret
-        },
+    readOnly: true
-    ...
-    ]
-    volumeMounts: [
-        {
-            "name": "git-secret",
-            "mountPath": "/etc/git-secret"
-        },
-        ...
-    ],
-}
 ```

docs/ssh.md

@@ -130,7 +130,7 @@ spec:
       - name: git-secret
         secret:
           secretName: git-creds
-          defaultMode: 288 # = mode 0440
+          defaultMode: 0440
       containers:
       - name: git-sync
         image: k8s.gcr.io/git-sync:v3.1.1
@@ -145,6 +145,7 @@ spec:
         volumeMounts:
         - name: git-secret
           mountPath: /etc/git-secret
+          readOnly: true
       securityContext:
         fsGroup: 65533 # to make SSH key readable
 ```