by benth 3418 days ago
It's not so much the plain text part that bothers me; it's the access control.

Quoting the docs at https://kubernetes.io/docs/user-guide/secrets/#security-prop...:

"Currently, anyone with root on any node can read any secret from the apiserver, by impersonating the kubelet. It is a planned feature to only send secrets to nodes that actually require them, to restrict the impact of a root exploit on a single node."

As your cluster grows, your risk grows.