Permalink
Browse files

Update accessing-the-api links (#9441)

* update accessing-the-api links

* undo update of cn content
  • Loading branch information...
mrbobbytables authored and k8s-ci-robot committed Jul 12, 2018
1 parent f2276c2 commit 42decf8cf753f234067f8242e0bd20201f1d0ea3
@@ -48,7 +48,7 @@ Note: Not all distros are actively maintained. Choose distros which have been te
* [Kubernetes Container Environment](/docs/concepts/containers/container-environment-variables/) describes the environment for Kubelet managed containers on a Kubernetes node.
* [Controlling Access to the Kubernetes API](/docs/admin/accessing-the-api/) describes how to set up permissions for users and service accounts.
* [Controlling Access to the Kubernetes API](/docs/reference/access-authn-authz/controlling-access/) describes how to set up permissions for users and service accounts.
* [Authenticating](/docs/reference/access-authn-authz/authentication/) explains authentication in Kubernetes, including the various authentication options.
@@ -132,7 +132,7 @@ Adding an API does not directly let you affect the behavior of existing APIs (e.
### API Access Extensions
When a request reaches the Kubernetes API Server, it is first Authenticated, then Authorized, then subject to various types of Admission Control. See [[Accessing the API](/docs/admin/accessing-the-api/)] for more on this flow.
When a request reaches the Kubernetes API Server, it is first Authenticated, then Authorized, then subject to various types of Admission Control. See [Controlling Access to the Kubernetes API](/docs/reference/access-authn-authz/controlling-access/)] for more on this flow.
Each of these steps offers extension points.
@@ -12,7 +12,7 @@ Overall API conventions are described in the [API conventions doc](https://git.k
API endpoints, resource types and samples are described in [API Reference](/docs/reference).
Remote access to the API is discussed in the [access doc](/docs/admin/accessing-the-api).
Remote access to the API is discussed in the [Controlling API Access doc](/docs/reference/access-authn-authz/controlling-access/).
The Kubernetes API also serves as the foundation for the declarative configuration schema for the system. The [kubectl](/docs/reference/kubectl/overview/) command-line tool can be used to create, update, delete, and get API objects.
@@ -144,11 +144,11 @@ example of authorizing a PodSecurityPolicy, see
### Troubleshooting
- The [Controller Manager](/docs/admin/kube-controller-manager/) must be run
against [the secured API port](/docs/admin/accessing-the-api/), and must not
have superuser permissions. Otherwise requests would bypass authentication and
authorization modules, all PodSecurityPolicy objects would be allowed, and users
would be able to create privileged containers. For more details on configuring
Controller Manager authorization, see [Controller
against [the secured API port](/docs/reference/access-authn-authz/controlling-access/),
and must not have superuser permissions. Otherwise requests would bypass
authentication and authorization modules, all PodSecurityPolicy objects would be
allowed, and users would be able to create privileged containers. For more details
on configuring Controller Manager authorization, see [Controller
Roles](/docs/admin/authorization/rbac/#controller-roles).
## Policy Order
@@ -106,7 +106,7 @@ certificate.
On some clusters, the apiserver does not require authentication; it may serve
on localhost, or be protected by a firewall. There is not a standard
for this. [Configuring Access to the API](/docs/admin/accessing-the-api)
for this. [Configuring Access to the API](/docs/reference/access-authn-authz/controlling-access/)
describes how a cluster admin can configure this. Such approaches may conflict
with future high-availability support.
@@ -107,7 +107,7 @@ certificate.
On some clusters, the API server does not require authentication; it may serve
on localhost, or be protected by a firewall. There is not a standard
for this. [Configuring Access to the API](/docs/admin/accessing-the-api)
for this. [Configuring Access to the API](/docs/reference/access-authn-authz/controlling-access/)
describes how a cluster admin can configure this. Such approaches may conflict
with future high-availability support.
@@ -59,7 +59,7 @@ Securing your cluster includes work beyond the scope of Kubernetes itself.
In Kubernetes, you configure access control:
* [Controlling Access to the Kubernetes API](/docs/admin/accessing-the-api/)
* [Controlling Access to the Kubernetes API](/docs/reference/access-authn-authz/controlling-access/)
* [Authenticating](/docs/reference/access-authn-authz/authentication/)
* [Using Admission Controllers](/docs/admin/admission-controllers/)

0 comments on commit 42decf8

Please sign in to comment.