From 0ec8638025d08e99570d67ffc4eac882a3496547 Mon Sep 17 00:00:00 2001 From: Artsiom Kaval Date: Fri, 12 Jun 2020 03:54:17 +0300 Subject: [PATCH] Fix missuse of Secret vs ConfigMap --- content/en/docs/concepts/configuration/configmap.md | 6 +++--- content/zh/docs/concepts/configuration/configmap.md | 10 +++++----- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/content/en/docs/concepts/configuration/configmap.md b/content/en/docs/concepts/configuration/configmap.md index 3e9ddf718f..c6dd70ee19 100644 --- a/content/en/docs/concepts/configuration/configmap.md +++ b/content/en/docs/concepts/configuration/configmap.md @@ -9,7 +9,7 @@ weight: 20 {{< glossary_definition term_id="configmap" prepend="A ConfigMap is" length="all" >}} {{< caution >}} -ConfigMap does not provide secrecy or encryption. +ConfigMap does not provide secrecy or encryption. If the data you want to store are confidential, use a {{< glossary_tooltip text="Secret" term_id="secret" >}} rather than a ConfigMap, or use additional (third party) tools to keep your data private. @@ -85,9 +85,9 @@ These different methods lend themselves to different ways of modeling the data being consumed. For the first three methods, the {{< glossary_tooltip text="kubelet" term_id="kubelet" >}} uses the data from -the Secret when it launches container(s) for a Pod. +the ConfigMap when it launches container(s) for a Pod. -The fourth method means you have to write code to read the Secret and its data. +The fourth method means you have to write code to read the ConfigMap and its data. However, because you're using the Kubernetes API directly, your application can subscribe to get updates whenever the ConfigMap changes, and react when that happens. By accessing the Kubernetes API directly, this diff --git a/content/zh/docs/concepts/configuration/configmap.md b/content/zh/docs/concepts/configuration/configmap.md index 9e746b06b7..77f8ecf846 100644 --- a/content/zh/docs/concepts/configuration/configmap.md +++ b/content/zh/docs/concepts/configuration/configmap.md @@ -10,7 +10,7 @@ weight: 20 {{< caution >}} 您可以使用四种方式来使用 ConfigMap 配置 Pod 中的容器: @@ -121,10 +121,10 @@ the Secret when it launches container(s) for a Pod. 1. 在只读卷里面添加一个文件,让应用来读取 1. 编写代码在 Pod 中运行,使用 Kubernetes API 来读取 ConfigMap -这些不同的方法适用于不同的数据使用方式。对前三个方法,{{< glossary_tooltip text="kubelet" term_id="kubelet" >}} 使用 Secret 中的数据在 Pod 中启动容器。 +这些不同的方法适用于不同的数据使用方式。对前三个方法,{{< glossary_tooltip text="kubelet" term_id="kubelet" >}} 使用 ConfigMap 中的数据在 Pod 中启动容器。 -第四种方法意味着你必须编写代码才能读取 Secret 和它的数据。然而,由于您是直接使用 Kubernetes API,因此只要 ConfigMap 发生更改,您的应用就能够通过订阅来获取更新,并且在这样的情况发生的时候做出反应。通过直接进入 Kubernetes API,这个技术也可以让你能够获取到不同的命名空间里的 ConfigMap。 +第四种方法意味着你必须编写代码才能读取 ConfigMap 和它的数据。然而,由于您是直接使用 Kubernetes API,因此只要 ConfigMap 发生更改,您的应用就能够通过订阅来获取更新,并且在这样的情况发生的时候做出反应。通过直接进入 Kubernetes API,这个技术也可以让你能够获取到不同的命名空间里的 ConfigMap。 这是一个 Pod 的示例,它通过使用 `game-demo` 中的值来配置一个 Pod: