Since 126.96.36.199, by default serviceAccountConfig.limitSecretReferences is off (see the release notes https://docs.openshift.com/enterprise/3.0/whats_new/ose_3_0_release_notes.html).
In light of this it would be good to review the documentation where 'oc secrets link' or 'oc secrets link --for=mount' (but not 'oc secrets link --for=pull', I think) is referenced.
https://docs.openshift.com/container-platform/3.3/dev_guide/service_accounts.html / Managing Allowed Secrets
- should mention that when serviceAccountConfig.limitSecretReferences is off (by default), 'oc secrets link --for=mount' has little effect.
https://docs.openshift.com/container-platform/3.3/dev_guide/managing_images.html / Allowing Pods to Reference Images from Other Secured Registries
- the advice about 'oc secrets link' is superfluous unless serviceAccountConfig.limitSecretReferences is on, which it is probably not in the majority of installs.
https://docs.openshift.com/container-platform/3.3/install_config/registry/securing_and_exposing_registry.html / Securing the Registry
https://docs.openshift.com/container-platform/3.3/dev_guide/builds.html / Source Secrets
I created a PR for this issue:
Can I please get an ack this fulfills this BZ? I'm worried some of the wording is confused.
Review added in PR - many thanks.
Commit pushed to master at https://github.com/openshift/openshift-docs
Merge pull request #3475 from bfallonf/secrets_1411421
Bug 1411421 added information on linking pods to serviceaccounts
Links to released docs: