docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #9753 from omegamormegil/patch-21 

granting cluster-admin to normal users
This commit is contained in:
Traci Morrison 2019-12-11 14:30:39 -05:00 committed by GitHub
parent a2bf94cda1 ddec061b7f
commit 632f16cd3b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
ee/ucp/authorization/index.md
View File

@ -90,7 +90,7 @@ together.
Only an administrator can manage grants, subjects, roles, and access to Only an administrator can manage grants, subjects, roles, and access to
resources. resources.
> About administrators > Note
> >
> An administrator is a user who creates subjects, groups resources by moving them > An administrator is a user who creates subjects, groups resources by moving them
> into collections or namespaces, defines roles by selecting allowable operations, > into collections or namespaces, defines roles by selecting allowable operations,
@ -103,7 +103,14 @@ For cluster security, only UCP admin users and service accounts that are
granted the `cluster-admin` ClusterRole for all Kubernetes namespaces via a granted the `cluster-admin` ClusterRole for all Kubernetes namespaces via a
ClusterRoleBinding can deploy pods with privileged options. This prevents a ClusterRoleBinding can deploy pods with privileged options. This prevents a
platform user from being able to bypass the Universal Control Plane Security platform user from being able to bypass the Universal Control Plane Security
Model. These privileged options include: Model.
> Note
>
> Granting the `cluster admin` ClusterRole to normal users does not allow
> them to deploy privileged pods.
These privileged options include:
Pods with any of the following defined in the Pod Specification: Pods with any of the following defined in the Pod Specification: