diff --git a/secrets.md b/secrets.md index cbf93ee2b..0bacb8d4b 100644 --- a/secrets.md +++ b/secrets.md @@ -122,7 +122,7 @@ We should consider what the best way to allow this is; there are a few different 3. Give secrets attributes that allow the user to express that the secret should be presented to the container as an environment variable. The container's environment would contain the - desired values and the software in the container could use them without accomodation the + desired values and the software in the container could use them without accommodation the command or setup script. For our initial work, we will treat all secrets as files to narrow the problem space. There will diff --git a/service_accounts.md b/service_accounts.md index 9e6bc099f..72a102070 100644 --- a/service_accounts.md +++ b/service_accounts.md @@ -149,7 +149,7 @@ First, if it finds pods which have a `Pod.Spec.ServiceAccountUsername` but no `P then it copies in the referenced securityContext and secrets references for the corresponding `serviceAccount`. Second, if ServiceAccount definitions change, it may take some actions. -**TODO**: decide what actions it takes when a serviceAccount defintion changes. Does it stop pods, or just +**TODO**: decide what actions it takes when a serviceAccount definition changes. Does it stop pods, or just allow someone to list ones that out out of spec? In general, people may want to customize this? Third, if a new namespace is created, it may create a new serviceAccount for that namespace. This may include