Clarify that list, get and watch can return data

[SamLR]

The get, list and watch verbs can all be used to retrieve the full details of a resource. It is not an uncommon assumption amongst users that they return different data (e.g. that list only returns the names of resources; when it can return the full object).

This adds a caution block to highlight this potential gotcha.

I'm not certain whether this is the best/only location that this should be called out (another option would be on the various specific authorization pages) but it feels like a reasonable start.

This was prompted by a private discussion and this issue: kubernetes/kubernetes#110866

[linux-foundation-easycla]

The committers listed above are authorized under a signed CLA.

• ✅ login: SamLR / name: Sam Cook (2f0d4a5)

[k8s-ci-robot]

Welcome @SamLR!

It looks like this is your first PR to kubernetes/website 🎉. Please refer to our pull request process documentation to help your PR have a smooth ride to approval.

You will be prompted by a bot to use commands during the review process. Do not be afraid to follow the prompts! It is okay to experiment. Here is the bot commands documentation.

You can also check if kubernetes/website has its own contribution guidelines.

You may want to refer to our testing guide if you run into trouble with your tests not passing.

If you are having difficulty getting your pull request seen, please follow the recommended escalation practices. Also, for tips and tricks in the contribution process you may want to read the Kubernetes contributor cheat sheet. We want to make sure your contribution gets all the attention it needs!

Thank you, and welcome to Kubernetes. 😃

[netlify]

✅ Pull request preview available for checking

Built without sensitive environment variables

Name	Link
🔨 Latest commit	2f0d4a5
🔍 Latest deploy log	https://app.netlify.com/sites/kubernetes-io-main-staging/deploys/62c8047a70fd3f00083e4ba7
😎 Deploy Preview	https://deploy-preview-34873--kubernetes-io-main-staging.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site settings.

[tengqm]

This is an important reminder for new users.
/lgtm

[k8s-ci-robot]

LGTM label has been added.

Git tree hash: bd719eec81be1512cb8b27dfd1a7a2833b1ec0e2

[sftim]

This is an important reminder for new users.

💯

/approve

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: sftim

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• content/en/OWNERS [sftim]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[mtardy]

Just wanted to highlight that this warning is present on the RBAC good practices page https://kubernetes.io/docs/concepts/security/rbac-good-practices/#listing-secrets! :)

[SamLR]

Just wanted to highlight that this warning is present on the RBAC good practices page https://kubernetes.io/docs/concepts/security/rbac-good-practices/#listing-secrets! :)

Ah thank you! I don't think I was aware of this page.

[mtardy]

No problem, thanks Tim for making the connection: kubernetes/sig-security#28 (comment). By the way, if you want to take a look at the work he was mentioning since it is linked to what you merged here -> security checklist here #33992 😃 .

[sftim]

Relevant to #32564