From f78772d88646efe7f1236a43f86d984674e6fb33 Mon Sep 17 00:00:00 2001 From: Rita Zhang Date: Mon, 28 Oct 2024 08:01:33 -0700 Subject: [PATCH] deprecate EnforceMountableSecretsAnnotation in 1.32 Signed-off-by: Rita Zhang Kubernetes-commit: e7cdc595551954d6b87a859296eb09fddd01f3c9 --- artifacts/openapi/swagger-with-shared-parameters.json | 2 +- artifacts/openapi/swagger.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/artifacts/openapi/swagger-with-shared-parameters.json b/artifacts/openapi/swagger-with-shared-parameters.json index 15d819bc..13877fb7 100644 --- a/artifacts/openapi/swagger-with-shared-parameters.json +++ b/artifacts/openapi/swagger-with-shared-parameters.json @@ -9630,7 +9630,7 @@ "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "secrets": { - "description": "Secrets is a list of the secrets in the same namespace that pods running using this ServiceAccount are allowed to use. Pods are only limited to this list if this service account has a \"kubernetes.io/enforce-mountable-secrets\" annotation set to \"true\". This field should not be used to find auto-generated service account token secrets for use outside of pods. Instead, tokens can be requested directly using the TokenRequest API, or service account token secrets can be manually created. More info: https://kubernetes.io/docs/concepts/configuration/secret", + "description": "Secrets is a list of the secrets in the same namespace that pods running using this ServiceAccount are allowed to use. Pods are only limited to this list if this service account has a \"kubernetes.io/enforce-mountable-secrets\" annotation set to \"true\". The \"kubernetes.io/enforce-mountable-secrets\" annotation is deprecated since v1.32. Prefer separate namespaces to isolate access to mounted secrets. This field should not be used to find auto-generated service account token secrets for use outside of pods. Instead, tokens can be requested directly using the TokenRequest API, or service account token secrets can be manually created. More info: https://kubernetes.io/docs/concepts/configuration/secret", "items": { "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" }, diff --git a/artifacts/openapi/swagger.json b/artifacts/openapi/swagger.json index 9ad11fe1..eb286e2c 100644 --- a/artifacts/openapi/swagger.json +++ b/artifacts/openapi/swagger.json @@ -10019,7 +10019,7 @@ "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "secrets": { - "description": "Secrets is a list of the secrets in the same namespace that pods running using this ServiceAccount are allowed to use. Pods are only limited to this list if this service account has a \"kubernetes.io/enforce-mountable-secrets\" annotation set to \"true\". This field should not be used to find auto-generated service account token secrets for use outside of pods. Instead, tokens can be requested directly using the TokenRequest API, or service account token secrets can be manually created. More info: https://kubernetes.io/docs/concepts/configuration/secret", + "description": "Secrets is a list of the secrets in the same namespace that pods running using this ServiceAccount are allowed to use. Pods are only limited to this list if this service account has a \"kubernetes.io/enforce-mountable-secrets\" annotation set to \"true\". The \"kubernetes.io/enforce-mountable-secrets\" annotation is deprecated since v1.32. Prefer separate namespaces to isolate access to mounted secrets. This field should not be used to find auto-generated service account token secrets for use outside of pods. Instead, tokens can be requested directly using the TokenRequest API, or service account token secrets can be manually created. More info: https://kubernetes.io/docs/concepts/configuration/secret", "items": { "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" },