kubernetes
/
website
mirror of https://github.com/kubernetes/website.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #6399 from SamClinckspoor/patch-1 

Fix links to Node auth and NodeRestrictions
pull/6400/head
Qiming 2017-11-21 22:01:46 +08:00 committed by GitHub
parent 84f8c03e7f 66350ad1f2
commit e7e7aa017e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
docs/admin/authorization/rbac.md
View File

@ -463,9 +463,7 @@ The permissions required by individual control loops are contained in the <a hre
<td><b>system:node</b></td>
<td>None in 1.8+</td>
<td>Allows access to resources required by the kubelet component, <b>including read access to all secrets, and write access to all pod status objects</b>.
As of 1.7, use of the [Node authorizer](/docs/admin/authorization/node/)
and [NodeRestriction admission plugin](/docs/admin/admission-controllers#NodeRestriction)
is recommended instead of this role, and allow granting API access to kubelets based on the pods scheduled to run on them.
As of 1.7, use of the <a href="/docs/admin/authorization/node/">Node authorizer</a> and <a href="/docs/admin/admission-controllers/#noderestriction">NodeRestriction admission plugin</a> is recommended instead of this role, and allow granting API access to kubelets based on the pods scheduled to run on them.
Prior to 1.7, this role was automatically bound to the `system:nodes` group.
In 1.7, this role was automatically bound to the `system:nodes` group if the `Node` authorization mode is not enabled.
In 1.8+, no binding is automatically created.