Explain that file-based pods cannot use secrets.

Eric Tune 2015-05-28 17:21:32 -07:00
parent f2a6d63dda
commit bd8e7d8424
1 changed files with 5 additions and 1 deletions


@ -1,4 +1,3 @@
# Secret Distribution
## Abstract
@ -184,6 +183,11 @@ For now, we will not implement validations around these limits. Cluster operato
much node storage is allocated to secrets. It will be the operator's responsibility to ensure that
the allocated storage is sufficient for the workload scheduled onto a node.
For now, kubelets will only attach secrets to api-sourced pods, and not file- or http-sourced
ones. Doing so would:
- confuse the secrets admission controller in the case of mirror pods.
- create an apiserver-liveness dependency -- avoiding this dependency is a main reason to use non-api-source pods.
### Use-Case: Kubelet read of secrets for node
The use-case where the kubelet reads secrets has several additional requirements:
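Review bot: The added paragraph beginning "For now, kubelets will only attach secrets to api-sourced pods" says what the kubelet will not do, but not what an operator will observe when a file- or http-sourced pod's spec names a secret volume. Please state the resulting behaviour for such a pod (for example, whether it fails to start or starts without the volume) so the limitation can be diagnosed from the node. The first bullet, "confuse the secrets admission controller in the case of mirror pods", would also be easier to act on if it said what the confusion is. Smaller points: the second bullet writes "non-api-source pods" where the paragraph writes "api-sourced", so pick one form; and a blank line between the list and the "### Use-Case: Kubelet read of secrets for node" heading would keep the heading from being read as part of the list.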