Merge pull request #49055 from my-git9/pp-29517

[zh-cn]sync secrets-good-practices.md
2024-12-13 01:02:25 +01:00 · 2024-12-13 01:02:25 +01:00 · 7fc66ed5bb
parent 6cb03069c9 7eb74cfeca
commit 7fc66ed5bb
1 changed files with 4 additions and 10 deletions
--- a/content/zh-cn/docs/concepts/security/secrets-good-practices.md
+++ b/content/zh-cn/docs/concepts/security/secrets-good-practices.md
@ -113,18 +113,12 @@ recommendations include:
 * 实现对特定事件发出警报的审计规则，例如同一用户并发读取多个 Secret 时发出警报

 <!--
-#### Additional ServiceAccount annotations for Secret management
-
-You can also use the `kubernetes.io/enforce-mountable-secrets` annotation on
-a ServiceAccount to enforce specific rules on how Secrets are used in a Pod.
-For more details, see the [documentation on this annotation](/docs/reference/labels-annotations-taints/#enforce-mountable-secrets).
+#### Restrict Access for Secrets
+Use separate namespaces to isolate access to mounted secrets.
 -->
-#### 用于 Secret 管理的附加 ServiceAccount 注解
+#### 限制 Secret 的访问

-你还可以在 ServiceAccount 上使用 `kubernetes.io/enforce-mountable-secrets`
-注解来强制执行有关如何在 Pod 中使用 Secret 的特定规则。
-
-更多详细信息，请参阅[有关此注解的文档](/zh-cn/docs/reference/labels-annotations-taints/#enforce-mountable-secrets)。
+使用单独的命名空间来隔离对挂载 Secret 的访问。

 <!--
 ### Improve etcd management policies