The "Automatic mounting of manually created Secrets" section of the
Secrets documentation previously suggested using PodPresets. PodPresets
have been removed, there is no alternate facility described, and it's
unclear if auto-mounting secrets based on associations with
ServiceAccounts was ever supported. Accordingly, the section should be
removed.
Adds a `caution` note that SSH key pairs do not establish trust between
clients and servers. A secondary method is required to establish trust
between an SSH client and host server, such as a fixed `known_hosts` file.
Clients which do not establish adequate trust are vulnerable to "man in
the middle" impersonation attacks.
Signed-off-by: Adam Kaplan <adam.kaplan@redhat.com>
This PR adds a paragraph explaining the insecure-by-default nature of k8s secrets, and points users at the documentation to turn on encryption at rest and RBAC.
I think a second page needs to be created showing the correct combination of RBAC rules for various cases, which should eventually replace the link to the RBAC documentation.
There are many contents in the (*very big*) Secret concept page which
are actually tasks. This PR proposes a separation of some contents
into separate tasks, so that we have a (hopefully) better organization
of the content and we make room for improvement to the concept itself.
Note that the creation of the `configmap-secret` directory (instead of
`secret`) is an intent to create a folder for both ConfigMap and Secret,
both of which are about configurations though there are quite a few
differences between them.
The feature is in `beta` since Kubernetes v1.19.0 so it is enabled by
default. This means that we can omit the hint to enable the feature
gate manually.
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
1. The example is using YAML which supports octal notation. Updated the corresponding doc.
2. Clarified we need to follow the symlink to find the correct file mode.
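
The file-mode check mentioned in the last commit message, as an added example that is not part of the commit or of the Kubernetes documentation. It assumes the mounted entry is a symlink chain ending at the real file; the directory layout, the file names and the helper names are all constructed for illustration.

```python
import os
import stat
import tempfile


def build_mock_secret_volume(root, mode=0o400):
    """Constructed stand-in for a mounted Secret volume (layout assumed):
    the visible entry is a symlink chain that ends at the real file."""
    real_dir = os.path.join(root, "..2024_01_01_00_00_00.000000000")
    os.mkdir(real_dir)
    real_file = os.path.join(real_dir, "password")
    with open(real_file, "w") as f:
        f.write("constructed-sample-value\n")
    os.chmod(real_file, mode)
    # ..data -> timestamped directory, password -> ..data/password
    os.symlink(os.path.basename(real_dir), os.path.join(root, "..data"))
    os.symlink(os.path.join("..data", "password"),
               os.path.join(root, "password"))
    return os.path.join(root, "password")


def link_mode(path):
    """Permission bits of the symlink itself (what a plain `ls -l` shows)."""
    return stat.S_IMODE(os.lstat(path).st_mode)


def effective_mode(path):
    """Permission bits of the file reached after following every symlink."""
    return stat.S_IMODE(os.stat(path).st_mode)


def too_permissive(path, allowed=0o400):
    """True if the resolved file grants any bit outside `allowed`."""
    return bool(effective_mode(path) & ~allowed)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        entry = build_mock_secret_volume(root, mode=0o400)
        print("is symlink      :", os.path.islink(entry))
        print("link mode       :", oct(link_mode(entry)))
        print("effective mode  :", oct(effective_mode(entry)))
        # Octal 0400 is 256 in decimal notation.
        print("decimal form    :", effective_mode(entry))
        print("too permissive  :", too_permissive(entry))
```
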