kubernetes
/
website
mirror of https://github.com/kubernetes/website.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Further updates to clarify language

This commit is contained in:
Mike Waychison 2023-01-19 15:32:18 -05:00
parent 5c9af80d8c
commit d0779881e6
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
content/en/docs/concepts/security/rbac-good-practices.md
View File

@ -130,10 +130,10 @@ reading data from other containers, and abusing the credentials of system servic
You should only allow access to create PersistentVolume objects for:
- users (cluster operators) that need this access for their work, and who you trust
- the Kubernetes control plane, which creates PersistentVolumes based on PersistentVolumeClaims
- users (cluster operators) that need this access for their work, and who you trust,
- the Kubernetes control plane components which creates PersistentVolumes based on PersistentVolumeClaims
that are configured for automatic provisioning.
(Kubernetes usually sets up that access for the control plane when you deploy a cluster).
This is usually setup by the Kubernetes provider or by the operator when installing a CSI driver.
Where access to persistent storage is required trusted administrators should create
PersistentVolumes, and constrained users should use PersistentVolumeClaims to access that storage.