From 6679b850e38f6ad3dd2cb40928e0542b66720c22 Mon Sep 17 00:00:00 2001 From: Deyuan Deng Date: Fri, 10 Apr 2015 13:35:03 -0400 Subject: [PATCH] Small fix for secret doc --- docs/secrets.md | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/docs/secrets.md b/docs/secrets.md index e574160c5d..bc0c8e98c3 100644 --- a/docs/secrets.md +++ b/docs/secrets.md @@ -1,9 +1,9 @@ -# Secrets +# Secrets Objects of type `secret` are intended to hold sensitive information, such as passwords, OAuth tokens, and ssh keys. Putting this information in a `secret` is safer and more flexible than putting it verbatim in a `pod` definition or in -a docker image. +a docker image. ### Creating and Using Secrets To make use of secrets requires at least two steps: @@ -21,7 +21,7 @@ This is an example of a simple secret, in json format: "data": { "username": "dmFsdWUtMQ0K", "password": "dmFsdWUtMg0KDQo=" - } + } } ``` @@ -110,7 +110,7 @@ To create a pod that uses an ssh key stored as a secret, we first need to create { "apiVersion": "v1beta2", "kind": "Secret", - "id": "ssh-key-secret", + "id": "ssh-key-secret", "data": { "id-rsa.pub": "dmFsdWUtMQ0K", "id-rsa": "dmFsdWUtMg0KDQo=" @@ -272,7 +272,7 @@ Note how the specs for the two pods differ only in one field; this facilitates creating pods with different capabilities from a common pod config template. ### Use-case: Secret visible to one container in a pod - + Consider a program that needs to handle HTTP requests, do some complex business logic, and then sign some messages with an HMAC. Because it has complex @@ -296,7 +296,7 @@ Because `secret` objects can be created independently of the `pods` that use them, there is less risk of the secret being exposed during the workflow of creating, viewing, and editing pods. The system can also take additional precautions with `secret` objects, such as avoiding writing them to disk where -possible. +possible. A secret is only sent to a node if a pod on that node requires it. It is not written to disk. It is stored in a tmpfs. It is deleted once the pod that @@ -308,7 +308,7 @@ Secrets are protected when transmitted over these channels. There may be secrets for several pods on the same node. However, only the secrets that a pod requests are potentially visible within its containers. -Therefore, one Pod does not have access to the secrets of another pod. +Therefore, one Pod does not have access to the secrets of another pod. There may be several containers in a pod. However, each container in a pod has to request the secret volume in its `volumeMounts` for it to be visible within @@ -318,16 +318,15 @@ Pod level](#use-case-two-containers). ### Risks - Applications still need to protect the value of secret after reading it from the volume, - such not accidentally logging it or transmitting it to an untrusted party. + such as not accidentally logging it or transmitting it to an untrusted party. - A user who can create a pod that uses a secret can also see the value of that secret. Even if apiserver policy does not allow that user to read the secret object, the user could run a pod which exposes the secret. If multiple replicas of etcd are run, then the secrets will be shared between them. By default, etcd does not secure peer-to-peer communication with SSL/TLS, though this can be configured. - It is not possible currently to control which users of a kubernetes cluster can - access a secret. Support for this is planned. + access a secret. Support for this is planned. - Currently, anyone with root on any node can read any secret from the apiserver, by impersonating the kubelet. It is a planned feature to only send secrets to nodes that actually require them, to restrict the impact of a root exploit on a single node. -