granting cluster-admin to normal users

Added note to clarify results of granting cluster-admin to normal users. This question was raised by a customer in support case #100567.
Nathan Jones 2019-10-28 18:03:00 -04:00 committed by GitHub
parent c0d28a9292
commit aef5e64894
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 1 deletions

@ -103,7 +103,12 @@ For cluster security, only UCP admin users and service accounts that are
granted the `cluster-admin` ClusterRole for all Kubernetes namespaces via a
ClusterRoleBinding can deploy pods with privileged options. This prevents a
platform user from being able to bypass the Universal Control Plane Security
Model. These privileged options include:
Model.
> Note: Granting the `cluster admin` ClusterRole to normal users does not allow
> them to deploy privilaged pods.
These privileged options include:
Pods with any of the following defined in the Pod Specification:
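Review bot: The added note writes the role as `cluster admin`, without the hyphen used for the `cluster-admin` ClusterRole in the paragraph above, and "privilaged" should be "privileged". The `> Note:` block also has no blank line before it or between it and "These privileged options include:", so a Markdown renderer can fold that following line into the blockquote as a lazy continuation; add a blank line on each side of the note. The preceding sentence can be read as allowing any account bound to `cluster-admin` to deploy pods with privileged options, which the note then denies for normal users, so consider rewording that sentence to say the ClusterRoleBinding condition applies to service accounts, leaving the paragraph and the note in agreement.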