diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-05-19 18:10:39 +0000 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-05-19 18:10:39 +0000 |
| commit | e4fc62c0af80cfaaa907aea83ae4012e06a1f9e4 (patch) | |
| tree | 77758b2c2b0ae196be08358f6081a37518ec4317 /doc/user/project | |
| parent | a6508d0028191c42620414994b2fe4ce62467a73 (diff) | |
| download | gitlab-ce-e4fc62c0af80cfaaa907aea83ae4012e06a1f9e4.tar.gz | |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'doc/user/project')
| -rw-r--r-- | doc/user/project/clusters/index.md | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/doc/user/project/clusters/index.md b/doc/user/project/clusters/index.md index c2d06e0a22c..341723a0abb 100644 --- a/doc/user/project/clusters/index.md +++ b/doc/user/project/clusters/index.md @@ -351,16 +351,17 @@ You can customize the deployment namespace in a few ways: When you customize the namespace, existing environments remain linked to their current namespaces until you [clear the cluster cache](#clearing-the-cluster-cache). -WARNING: +#### Protecting credentials + By default, anyone who can create a deployment job can access any CI/CD variable in an environment's deployment job. This includes `KUBECONFIG`, which gives access to any secret available to the associated service account in your cluster. To keep your production credentials safe, consider using [protected environments](../../../ci/environments/protected_environments.md), -combined with either +combined with *one* of the following: -- a GitLab-managed cluster and namespace per environment, -- *or*, an environment-scoped cluster per protected environment. The same cluster +- A GitLab-managed cluster and namespace per environment. +- An environment-scoped cluster per protected environment. The same cluster can be added multiple times with multiple restricted service accounts. ### Integrations |