kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update docs regarding IAM roles

This commit is contained in:
Jakub Paweł Głazik 2017-02-12 18:13:46 +01:00
parent 05eb1d5e8e
commit 55f4beb2c5
2 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
docs/iam_roles.md
View File

@ -1,7 +1,10 @@
# IAM Roles
Two IAM roles are created for the cluster: one for the masters, and one for the nodes.
The permissions are kept to the minimum required to setup and maintain the cluster.
> Work is being done on scoping permissions to the minimum required to setup and maintain cluster.
> Please not that currently all Pods running on your cluster have access to instance IAM role.
> Consider using projects such as [kube2iam](https://github.com/jtblin/kube2iam) to prevent that.
Master permissions:

5
docs/security.md
View File

@ -18,6 +18,11 @@ To change the SSH public key on an existing cluster:
* `kops update cluster --yes` to reconfigure the auto-scaling groups
* `kops rolling-update cluster --name <clustername> --yes` to immediately roll all the machines so they have the new key (optional)
## IAM roles
All Pods running on your cluster have access to underlying instance IAM role.
Currently permission scope is quite broad. See [iam_roles.md](iam_roles.md) for details and ways to mitigate that.
## Kubernetes API