kubernetes
/
website
mirror of https://github.com/kubernetes/website.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Further updates to clarify language

This commit is contained in:
Mike Waychison 2023-01-19 15:32:18 -05:00
parent 5c9af80d8c
commit d0779881e6
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
content/en/docs/concepts/security/rbac-good-practices.md
View File

@ -130,10 +130,10 @@ reading data from other containers, and abusing the credentials of system servic
You should only allow access to create PersistentVolume objects for: You should only allow access to create PersistentVolume objects for:
- users (cluster operators) that need this access for their work, and who you trust - users (cluster operators) that need this access for their work, and who you trust,
- the Kubernetes control plane, which creates PersistentVolumes based on PersistentVolumeClaims - the Kubernetes control plane components which creates PersistentVolumes based on PersistentVolumeClaims
that are configured for automatic provisioning. that are configured for automatic provisioning.
(Kubernetes usually sets up that access for the control plane when you deploy a cluster). This is usually setup by the Kubernetes provider or by the operator when installing a CSI driver.
Where access to persistent storage is required trusted administrators should create Where access to persistent storage is required trusted administrators should create
PersistentVolumes, and constrained users should use PersistentVolumeClaims to access that storage. PersistentVolumes, and constrained users should use PersistentVolumeClaims to access that storage.