Merge pull request #6399 from SamClinckspoor/patch-1
Fix links to Node auth and NodeRestrictionspull/6400/head
Qiming
GitHub
commit
e7e7aa017e
|
|
@ -463,9 +463,7 @@ The permissions required by individual control loops are contained in the <a hre
|
||||||
<td><b>system:node</b></td>
|
<td><b>system:node</b></td>
|
||||||
<td>None in 1.8+</td>
|
<td>None in 1.8+</td>
|
||||||
<td>Allows access to resources required by the kubelet component, <b>including read access to all secrets, and write access to all pod status objects</b>.
|
<td>Allows access to resources required by the kubelet component, <b>including read access to all secrets, and write access to all pod status objects</b>.
|
||||||
As of 1.7, use of the [Node authorizer](/docs/admin/authorization/node/)
|
As of 1.7, use of the <a href="/docs/admin/authorization/node/">Node authorizer</a> and <a href="/docs/admin/admission-controllers/#noderestriction">NodeRestriction admission plugin</a> is recommended instead of this role, and allow granting API access to kubelets based on the pods scheduled to run on them.
|
||||||
and [NodeRestriction admission plugin](/docs/admin/admission-controllers#NodeRestriction)
|
|
||||||
is recommended instead of this role, and allow granting API access to kubelets based on the pods scheduled to run on them.
|
|
||||||
Prior to 1.7, this role was automatically bound to the `system:nodes` group.
|
Prior to 1.7, this role was automatically bound to the `system:nodes` group.
|
||||||
In 1.7, this role was automatically bound to the `system:nodes` group if the `Node` authorization mode is not enabled.
|
In 1.7, this role was automatically bound to the `system:nodes` group if the `Node` authorization mode is not enabled.
|
||||||
In 1.8+, no binding is automatically created.
|
In 1.8+, no binding is automatically created.
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue