Merge pull request #27141 from neolit123/1.21-add-note-about-admin.conf

kubeadm/create-cluster: add warning about admin.conf
Kubernetes Prow Robot 2021-03-30 09:29:57 -07:00 committed by GitHub
commit b0f761598a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 0 deletions

@ -187,6 +187,13 @@ Alternatively, if you are the `root` user, you can run:
export KUBECONFIG=/etc/kubernetes/admin.conf
```
{{< warning >}}
Kubeadm signs the certificate in the `admin.conf` to have `Subject: O = system:masters, CN = kubernetes-admin`.
`system:masters` is a break-glass, super user group that bypasses the authorization layer (e.g. RBAC).
Do not share the `admin.conf` file with anyone and instead grant users custom permissions by generating
them a kubeconfig file using the `kubeadm kubeconfig user` command.
{{< /warning >}}
Make a record of the `kubeadm join` command that `kubeadm init` outputs. You
need this command to [join nodes to your cluster](#join-nodes).
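Review bot: the last sentence of the added warning ("grant users custom permissions by generating them a kubeconfig file using the `kubeadm kubeconfig user` command") reads as if generating the kubeconfig is itself what grants the permissions. Suggest separating the two steps: generate a per-user kubeconfig with `kubeadm kubeconfig user`, then grant that identity only the permissions it needs through the authorization layer the warning already names (RBAC), and link to the page or section that documents the command so readers can follow through. The first sentence could also say explicitly that the `Subject` shown is that of the client certificate embedded in `admin.conf`, since "signs the certificate in the `admin.conf` to have" is awkward. As a style point, the `{{< warning >}}` block sits directly against the closing code fence above it and the "Make a record of the `kubeadm join` command" paragraph below it; a blank line on each side would keep the shortcode visually separate from the surrounding content.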