apply changes due to review

Katie Horne · Katie Horne · commit 13610f5d3811 · 2021-10-13T08:04:01.000-05:00
diff --git a/guides/admin/shared-security.md b/guides/admin/shared-security.md
@@ -30,25 +30,25 @@ performance:
   - Depletion as denial of service
     - PVC
     - Ephemeral
-  - Networking
-    - Encryption (mTLS)
-      - Certificates
-        - TLS certificates presented by `coderd`
-        - TLS certificats presented by the applications with which Coder
-          interacts
-    - Boundaries (e.g., network policies)
-    - External interactions (ingress and egress)
-    - IP address depletion as denial of service
-      - Each workspace gets an IP address in the `pod` subset
-      - Each dev URL gets an IP address in the `services` subnet
-  - Kubernetes roles
-    - Service accounts for Coder to create pods
-    - Cluster admins (use of cluster admins can pose a security risk)
-    - Cloud access to the control plane
-  - Node security
-    - Upgrades to keep up with Kubernetes
-    - Access to node user accounts
-    - Cloud access to nodes
+- Networking
+  - Encryption (mTLS)
+    - Certificates
+      - TLS certificates presented by `coderd`
+      - TLS certificats presented by the applications with which Coder
+        interacts
+  - Boundaries (e.g., network policies)
+  - External interactions (ingress and egress)
+  - IP address depletion as denial of service
+    - Each workspace gets an IP address in the `pod` subset
+    - Each dev URL gets an IP address in the `services` subnet
+- Kubernetes roles
+  - Service accounts for Coder to create pods
+  - Cluster admins (use of cluster admins can pose a security risk)
+  - Cloud access to the control plane
+- Node security
+  - Upgrades to keep up with Kubernetes
+  - Access to node user accounts
+  - Cloud access to nodes
 
 ### Recommendations
 
@@ -72,14 +72,14 @@ deploying security controls:
   - Site admins could convert a user authenticating via OIDC to built-in,
     allowing the admin to impersonate the user
 - Container registry
-  - The registry account used to add the registry should be a specific
+  - The registry account used to access images should be a specific
     Coder-only account so that Coder users can only pull approved images
   - CVMs can only pull unauthenticated containers, which means that any user can
     reference any container within the registry
 - Git provider
   - OAuth linkage allows Coder admins to perform actions as the linked Git user
   - SSH keys generated by Coder and added to workspaces can be used to
-    facilitate 2FA to Coder via GitLab
+    circumvent 2FA to GitLab via Coder
   - Git integration request both SSH and HTTPS access to function
   - Access to all user repos must be added to a Coder workspace to clone private
     dotfiles repos
