Skip to content

Commit

Permalink
Fix secrets docs
Browse files Browse the repository at this point in the history
  • Loading branch information
@wojtek-t
wojtek-t committed Aug 24, 2018
1 parent 1ea8f96 commit 382942d
Showing 1 changed file with 6 additions and 2 deletions.
8 changes: 6 additions & 2 deletions content/en/docs/concepts/configuration/secret.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -339,9 +339,13 @@ files.

When a secret being already consumed in a volume is updated, projected keys are eventually updated as well.
Kubelet is checking whether the mounted secret is fresh on every periodic sync.
However, it is using its local ttl-based cache for getting the current value of the secret.
However, it is using its local cache propagated for getting the current value of the secret.
The type of the cache is configurable and can be either propagated via watch (default),
ttl-based or simply redirecting all requests to directly kube-apiserver.
As a result, the total delay from the moment when the secret is updated to the moment when new keys are
projected to the pod can be as long as kubelet sync period + ttl of secrets cache in kubelet.
projected to the pod can be as long as kubelet sync period + cache propagation delay,
where cache propagation delay depends on the chosen cache type (it equals to watch
propagation delay, ttl of cache or zero corespondingly).

{{< note >}}
**Note:** A container using a Secret as a
Expand Down

0 comments on commit 382942d

Please sign in to comment.