Skip to content
Permalink
Browse files

Remove requirement for unsupported k8s version for NodeRestriction. (#…

  • Loading branch information...
miteshskj authored and k8s-ci-robot committed Nov 1, 2019
1 parent f7428bd commit 0019c593dca9e96e58fa51582c0dafde5f8a8c41
Showing with 2 additions and 3 deletions.
  1. +2 −3 content/en/docs/concepts/configuration/assign-pod-node.md
@@ -99,9 +99,8 @@ and influencing the scheduler to schedule workloads to the compromised node.
The `NodeRestriction` admission plugin prevents kubelets from setting or modifying labels with a `node-restriction.kubernetes.io/` prefix.
To make use of that label prefix for node isolation:

1. Check that you're using Kubernetes v1.11+ so that NodeRestriction is available.
2. Ensure you are using the [Node authorizer](/docs/reference/access-authn-authz/node/) and have _enabled_ the [NodeRestriction admission plugin](/docs/reference/access-authn-authz/admission-controllers/#noderestriction).
3. Add labels under the `node-restriction.kubernetes.io/` prefix to your Node objects, and use those labels in your node selectors.
1. Ensure you are using the [Node authorizer](/docs/reference/access-authn-authz/node/) and have _enabled_ the [NodeRestriction admission plugin](/docs/reference/access-authn-authz/admission-controllers/#noderestriction).
2. Add labels under the `node-restriction.kubernetes.io/` prefix to your Node objects, and use those labels in your node selectors.
For example, `example.com.node-restriction.kubernetes.io/fips=true` or `example.com.node-restriction.kubernetes.io/pci-dss=true`.

## Affinity and anti-affinity

0 comments on commit 0019c59

Please sign in to comment.
You can’t perform that action at this time.