kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1950 from zytek/iam-route53-docs 

docs: reflect changes made in #1871
This commit is contained in:
yissachar 2017-02-20 17:04:04 -05:00 committed by GitHub
parent a1d98a3aa9 91cb0f8297
commit cab7cd3540
1 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
docs/iam_roles.md
View File

@ -10,7 +10,6 @@ Master permissions:
```
ec2:*
route53:*
elasticloadbalancing:*
ecr:GetAuthorizationToken
ecr:BatchCheckLayerAvailability
@ -19,6 +18,11 @@ ecr:GetRepositoryPolicy
ecr:DescribeRepositories
ecr:ListImages
ecr:BatchGetImage
route53:ListHostedZones
route53:GetChange
// The following permissions are scoped to AWS Route53 HostedZone used to bootstrap the cluster
// arn:aws:route53:::hostedzone/$hosted_zone_id
route53:ChangeResourceRecordSets, ListResourceRecordSets, GetHostedZone
// The following permissions are only created if you are using etcd volumes with "encrypted: true" and a custom kmsKeyId.
// They are scoped to the kmsKeyId that you are using.
@ -36,7 +40,6 @@ Node permissions:
```
ec2:Describe*
route53:*
ecr:GetAuthorizationToken
ecr:BatchCheckLayerAvailability
ecr:GetDownloadUrlForLayer
@ -44,6 +47,11 @@ ecr:GetRepositoryPolicy
ecr:DescribeRepositories
ecr:ListImages
ecr:BatchGetImage
route53:ListHostedZones
route53:GetChange
// The following permissions are scoped to AWS Route53 HostedZone used to bootstrap the cluster
// arn:aws:route53:::hostedzone/$hosted_zone_id
route53:ChangeResourceRecordSets, ListResourceRecordSets, GetHostedZone
```
## Adding Additional Policies