kubernetes · k8s-ci-robot · Mar 18, 2019 · Mar 17, 2019 · Mar 17, 2019 · Mar 17, 2019
diff --git a/content/en/docs/tasks/configure-pod-container/configure-gmsa.md b/content/en/docs/tasks/configure-pod-container/configure-gmsa.md
@@ -16,13 +16,13 @@ In Kubernetes, GMSA credential specs are configured at a Kubernetes cluster-wide
 Currently this feature is in alpha state. While the overall goals and functionality will not change, the way in which the GMSA credspec references are specified in pod specs may change from annotations to API fields. Please take this into consideration when testing or adopting this feature.
 {{< /note >}}
 
-{{% /capture %}}
-
-{{% capture body %}}
-
 ## Setup and configuration for GMSA
 Configuring GMSA credential specs in the cluster and configuring individual pods and containers to be able to use them requires several steps described in detail below.
 
+{{% /capture %}}
+
+{{% capture prerequisites %}}
+
 ### Initial configuration of Kubernetes cluster to use GMSA
 This section covers a set of initial steps required once for each cluster. These include:
 1. Enabling the `WindowsGMSA` feature gate on kubelet on the Windows nodes you'll use to run GMSA-dependent workloads.
@@ -56,6 +56,10 @@ Before pods in Kubernetes can be configured to use GMSAs, the following configur
 1. The desired GMSAs need to be provisioned in Active Directory as described [here](https://docs.microsoft.com/en-us/windows-server/security/group-managed-service-accounts/getting-started-with-group-managed-service-accounts#BKMK_Step1)
 2. Windows worker nodes need to be configured in Active Directory to access the secret credentials associated with a GMSA as described [here](https://docs.microsoft.com/en-us/windows-server/security/group-managed-service-accounts/getting-started-with-group-managed-service-accounts#to-add-member-hosts-using-the-set-adserviceaccount-cmdlet)
 
+{{% /capture %}}
+
+{{% capture steps %}}
+
 ### Configuration and usage of GMSAs in pods
 This section covers the set of steps necessary for configuring individual GMSA credential specs in Kubernetes and using them in pods. The steps include:
 1. Creating GMSA credential spec resources.
@@ -196,6 +200,10 @@ spec:
         beta.kubernetes.io/os: windows
 ```
 
+{{% /capture %}}
+
+{{% capture body %}}
+
 ### Conclusion
 As pod specs with GMSA annotations (as described above) are applied in a cluster configured for GMSA, the following sequence of events will take place:
 1. The mutating webhook will resolve and expand all references to GMSA credential spec resources to the contents of the GMSA credential spec.