scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-11-02 11:38:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update kubernetes.mdx (#19567)

Browse Source 
Correct 2 typos
This commit is contained in:
Mark Lewis
2023-03-31 00:42:25 +01:00
committed by GitHub
parent 78ebaf14f6
commit b3d333b67a
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
website/content/docs/secrets/kubernetes.mdx
View File

@@ -39,7 +39,7 @@ management tool.
It's necessary to ensure that the service account Vault uses will have permissions to manage It's necessary to ensure that the service account Vault uses will have permissions to manage
service account tokens, and optionally manage service accounts, roles, and role bindings. These service account tokens, and optionally manage service accounts, roles, and role bindings. These
permissions can be managed using a Kuberentes role or cluster role. The role is attached to the permissions can be managed using a Kubernetes role or cluster role. The role is attached to the
Vault service account with a role binding or cluster role binding. Vault service account with a role binding or cluster role binding.
For example, a minimal cluster role to create service account tokens is: For example, a minimal cluster role to create service account tokens is:
@@ -321,7 +321,7 @@ $ vault write kubernetes/roles/auto-managed-sa-role \
~> **Note**: Vault's service account will also need access to the resources it is granting ~> **Note**: Vault's service account will also need access to the resources it is granting
access to. This can be done for the examples above with `kubectl -n test create rolebinding --role test-role-list-pods --serviceaccount=vault:vault vault-test-role-abilities`. access to. This can be done for the examples above with `kubectl -n test create rolebinding --role test-role-list-pods --serviceaccount=vault:vault vault-test-role-abilities`.
This is how Kuberentes prevents privilege escalation. This is how Kubernetes prevents privilege escalation.
You can read more in the You can read more in the
[Kubernetes RBAC documentation](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#privilege-escalation-prevention-and-bootstrapping). [Kubernetes RBAC documentation](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#privilege-escalation-prevention-and-bootstrapping).