mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-31 15:25:57 +00:00
Small fix for secret doc
This commit is contained in:
parent
c7ca118c7a
commit
6679b850e3
@ -21,7 +21,7 @@ This is an example of a simple secret, in json format:
|
||||
"data": {
|
||||
"username": "dmFsdWUtMQ0K",
|
||||
"password": "dmFsdWUtMg0KDQo="
|
||||
}
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
@ -110,7 +110,7 @@ To create a pod that uses an ssh key stored as a secret, we first need to create
|
||||
{
|
||||
"apiVersion": "v1beta2",
|
||||
"kind": "Secret",
|
||||
"id": "ssh-key-secret",
|
||||
"id": "ssh-key-secret",
|
||||
"data": {
|
||||
"id-rsa.pub": "dmFsdWUtMQ0K",
|
||||
"id-rsa": "dmFsdWUtMg0KDQo="
|
||||
@ -318,7 +318,7 @@ Pod level](#use-case-two-containers).
|
||||
### Risks
|
||||
|
||||
- Applications still need to protect the value of secret after reading it from the volume,
|
||||
such not accidentally logging it or transmitting it to an untrusted party.
|
||||
such as not accidentally logging it or transmitting it to an untrusted party.
|
||||
- A user who can create a pod that uses a secret can also see the value of that secret. Even
|
||||
if apiserver policy does not allow that user to read the secret object, the user could
|
||||
run a pod which exposes the secret.
|
||||
@ -330,4 +330,3 @@ Pod level](#use-case-two-containers).
|
||||
by impersonating the kubelet. It is a planned feature to only send secrets to
|
||||
nodes that actually require them, to restrict the impact of a root exploit on a
|
||||
single node.
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user