locality: {}
  policy:
    overprovisioningFactor: 140
- clusterName: sds-grpc
  endpoints:
  - lbEndpoints:
    - endpoint:
        address:
          pipe:
            path: ./var/run/secrets/workload-spiffe-uds/socket
        healthCheckConfig: {}
      healthStatus: HEALTHY
      loadBalancingWeight: 1
    locality: {}
  policy:
    overprovisioningFactor: 140

  // Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding.
  // Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"),  but not both.
  // +optional
  repeated string nonResourceURLs = 5;
}

              passwordSecret:
                description: passwordSecret is name of the authentication secret for
                  BGP Peer. the secret must be of type "kubernetes.io/basic-auth",
                  and created in the same namespace as the MetalLB deployment. The
                  password is stored in the secret as the key "password".
                properties:
                  name:

	secretConfigCmd := &cobra.Command{
		Use:   "secret [<type>/]<name>[.<namespace>]",
		Short: "Retrieves secret configuration for the Envoy in the specified pod",
		Long:  `Retrieve information about secret configuration for the Envoy instance in the specified pod.`,
		Example: `  # Retrieve full secret configuration for a given pod from Envoy.
  istioctl proxy-config secret <pod-name[.namespace]>

  // Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding.
  // Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"),  but not both.
  // +optional
  repeated string nonResourceURLs = 6;
}

# Settings and Environment Variables

In many cases your application could need some external settings or configurations, for example secret keys, database credentials, credentials for email services, etc.

Most of these settings are variable (can change), like database URLs. And many could be sensitive, like secrets.

For this reason it's common to provide them in environment variables that are read by the application.

/// tip

  ## MINIO_SUBNET_LICENSE: "License key obtained from https://subnet.min.io"
  ## MINIO_BROWSER: "off"

## The name of a secret in the same kubernetes namespace which contain secret values
## This can be useful for LDAP password, etc
## The key in the secret must be 'config.env'
##
extraSecret: ~

## OpenID Identity Management

### CVE-2023-2728: Bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin

- Use of secret-based service account tokens now adds an `authentication.k8s.io/legacy-token-autogenerated-secret` or `authentication.k8s.io/legacy-token-manual-secret` audit annotation containing the name of the secret used. ([#118598](https://github.com/kubernetes/kubernetes/pull/118598), [@yuanchen8911](https://github.com/yuanchen8911)) [SIG Auth, Instrumentation...

                  .build()
            }
          })
          .build()

      fun run() {
        val request = Request.Builder()
            .url("http://publicobject.com/secrets/hellosecret.txt")
            .build()
      }
    ```