Pod objects that a kubelet could modify.
NodeRestriction plug-in ensures that the kubelet is restricted to the
Pod objects that it could modify as defined. Such kubelets will only be allowed to modify their own
Node API object, and only modify
Pod API objects that are bound to their node.
- Kind: Pod
apiVersion: v1 kind: Pod metadata: creationTimestamp: null labels: component: kube-apiserver tier: control-plane name: kube-apiserver namespace: kube-system spec: containers: - command: + - kube-apiserver + - --enable-admission-plugins=NodeRestriction image: gcr.io/google_containers/kube-apiserver-amd64:v1.6.0 ...
Updated about 1 year ago