docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Adjusted for Changes in 3.0.2 

Signed-off-by: ollypom <oppomeroy@gmail.com>
This commit is contained in:
ollypom 2018-07-06 12:58:06 +01:00
parent e74fd60201
commit 84905ed6d9
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
ee/ucp/authorization/migrate-kubernetes-roles.md
View File

@ -113,8 +113,9 @@ Kubernetes workloads:
* Docker EE has its own RBAC system, so it's not possible to create * Docker EE has its own RBAC system, so it's not possible to create
`ClusterRole` objects, `ClusterRoleBinding` objects, or any other object that is `ClusterRole` objects, `ClusterRoleBinding` objects, or any other object that is
created by using the `/apis/rbac.authorization.k8s.io` endpoints. created by using the `/apis/rbac.authorization.k8s.io` endpoints.
* To make sure your cluster is secure, only users with the "Full Control" role of the given Kubernetes namespace can deploy pods with * To make sure your cluster is secure, only users and service accounts that have been
privileged options. These are options like `PodSpec.hostIPC`, `PodSpec.hostNetwork`, granted "Full Control" of all Kubernetes namespaces can deploy pods with privileged
options. This includes: `PodSpec.hostIPC`, `PodSpec.hostNetwork`,
`PodSpec.hostPID`, `SecurityContext.allowPrivilegeEscalation`, `PodSpec.hostPID`, `SecurityContext.allowPrivilegeEscalation`,
`SecurityContext.capabilities`, `SecurityContext.privileged`, and `SecurityContext.capabilities`, `SecurityContext.privileged`, and
`Volume.hostPath`. `Volume.hostPath`.