Merge pull request #6616 from liggitt/update-securing

Update securing recommendations
2017-12-08 08:46:42 +08:00 · 2017-12-08 08:46:42 +08:00 · d71da4c2d6
parent fc703212c0 f390b50374
commit d71da4c2d6
1 changed files with 13 additions and 1 deletions
--- a/docs/tasks/administer-cluster/securing-a-cluster.md
+++ b/docs/tasks/administer-cluster/securing-a-cluster.md
@ -1,6 +1,9 @@
 ---
 approvers:
 - smarterclayton
+- liggitt
+- ericchiang
+- destijl
 title: Securing a Cluster
 ---

@ -68,6 +71,15 @@ to prevent accidental escalation. You can make roles specific to your use case i

 Consult the [authorization reference section](/docs/admin/authorization/) for more information.

+## Controlling access to the Kubelet
+
+Kubelets expose HTTPS endpoints which give access to data of varying sensitivity, and allow performing operations with varying levels of power on the node and within containers.
+
+By default, Kubelets allow full access to those endpoints.
+
+To secure access to those endpoints, enable Kubelet authentication and authorization.
+
+Consult the [Kubelet authentication/authorization reference](/docs/admin/kubelet-authentication-authorization) for more information.

 ## Controlling the capabilities of a workload or user at runtime

@ -151,7 +163,7 @@ access to a subset of the keyspace is strongly recommended.

 ### Enable audit logging

-The [audit logger](/docs/tasks/debug-application-cluster/audit/) is an alpha feature that records actions taken by the
+The [audit logger](/docs/tasks/debug-application-cluster/audit/) is a beta feature that records actions taken by the
 API for later analysis in the event of a compromise. It is recommended to enable audit logging 
 and archive the audit file on a secure server.