Skip to content

Commit 32e47b3

Browse files
mtardymtardy
committed
Fix a few mini typos in the API bypass security page
1 parent d554e3e commit 32e47b3

File tree

1 file changed

+4
-4
lines changed

1 file changed

+4
-4
lines changed

content/en/docs/concepts/security/api-server-bypass-risks.md

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -29,7 +29,7 @@ your cluster. The API server doesn't manage these static Pods. An attacker with
2929
access to this location could modify the configuration of static pods loaded from that
3030
source, or could introduce new static Pods.
3131

32-
Static Pods are restricted from accessing other objects in the Kubernetes API . For example,
32+
Static Pods are restricted from accessing other objects in the Kubernetes API. For example,
3333
you can't configure a static Pod to mount a Secret from the cluster. However, these Pods can
3434
take other security sensitive actions, such as using `hostPath` mounts from the underlying
3535
node.
@@ -41,7 +41,7 @@ be discovered by tooling that has access to the affected host(s).
4141

4242
If a static Pod fails admission control, the kubelet won't register the Pod with the
4343
API server. However, the Pod still runs on the node. For more information, refer to
44-
[kubeadm issue #1541](https://github.com/kubernetes/kubeadm/issues/1541#issuecomment-487331701)).
44+
[kubeadm issue #1541](https://github.com/kubernetes/kubeadm/issues/1541#issuecomment-487331701).
4545

4646
### Mitigations {#static-pods-mitigations}
4747

@@ -89,7 +89,7 @@ The default anonymous access doesn't make this assertion with the control plane.
8989
## The etcd API
9090

9191
Kubernetes clusters use etcd as a datastore. The `etcd` service listens on TCP port 2379.
92-
the only clients that need access are the Kubernetes API server and any backup tooling
92+
The only clients that need access are the Kubernetes API server and any backup tooling
9393
that you use. Direct access to this API allows for disclosure or modification of any
9494
data held in the cluster.
9595

@@ -117,7 +117,7 @@ that are only used for health checking can also grant full read and write access
117117
authentication to that service.
118118
- Control access to the private key for the etcd server certificate, and to the API server's
119119
client certificate and key.
120-
- Consider restricting access to the the etcd port at a network level, to only allow access
120+
- Consider restricting access to the etcd port at a network level, to only allow access
121121
from specified and trusted IP address ranges.
122122

123123

0 commit comments

Comments
 (0)