author: Mike Danese <mikedanese@gmail.com> 2015-08-05 18:08:26 -0700
committer: Mike Danese <mikedanese@gmail.com> 2015-08-05 21:11:11 -0700
commit: a74ffb6a381cf9a7bd8282c8d9806bae41680f3d
tree: 084fc6560a7f3dd69b1e4dd08122a9338468e296 /access.md
parent: a38fc0660419c1d5c2b460a459d8b93f996f79c8
rewrite all links to issues to k8s links
Diffstat (limited to 'access.md')
-rw-r--r-- access.md 8
1 files changed, 4 insertions, 4 deletions
diff --git a/access.md b/access.md
index d2fe44ca..92840f73 100644
--- a/access.md
+++ b/access.md
@@ -118,8 +118,8 @@ Pods configs should be largely portable between Org-run and hosted configuration
# Design
Related discussion:
-- https://github.com/GoogleCloudPlatform/kubernetes/issues/442
-- https://github.com/GoogleCloudPlatform/kubernetes/issues/443
+- http://issue.k8s.io/442
+- http://issue.k8s.io/443
This doc describes two security profiles:
- Simple profile: like single-user mode. Make it easy to evaluate K8s without lots of configuring accounts and policies. Protects from unauthorized users, but does not partition authorized users.
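Review bot: The two added links under "Related discussion" use the http:// scheme, while the lines they replace were https://, so every reader following them now makes a cleartext request to the redirector before reaching the issue tracker. If issue.k8s.io answers over TLS, write these as https://issue.k8s.io/442 and https://issue.k8s.io/443 so the redirect hop cannot be rewritten by anyone on the path.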
@@ -176,7 +176,7 @@ Initially:
Improvements:
- Kubelet allocates disjoint blocks of root-namespace uids for each container. This may provide some defense-in-depth against container escapes. (https://github.com/docker/docker/pull/4572)
- requires docker to integrate user namespace support, and deciding what getpwnam() does for these uids.
-- any features that help users avoid use of privileged containers (https://github.com/GoogleCloudPlatform/kubernetes/issues/391)
+- any features that help users avoid use of privileged containers (http://issue.k8s.io/391)
### Namespaces
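Review bot: The added line for issue 391 no longer names the repository it points at, and the reference to "features that help users avoid use of privileged containers" now resolves only for as long as the issue.k8s.io redirector does. The docker pull request two lines above keeps its full URL, so the list mixes two link styles; consider putting the issue title or number in the text next to the short link so the reference stays identifiable if the redirector changes or goes away.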
@@ -253,7 +253,7 @@ Policy objects may be applicable only to a single namespace or to all namespaces
## Accounting
-The API should have a `quota` concept (see https://github.com/GoogleCloudPlatform/kubernetes/issues/442). A quota object relates a namespace (and optionally a label selector) to a maximum quantity of resources that may be used (see [resources design doc](resources.md)).
+The API should have a `quota` concept (see http://issue.k8s.io/442). A quota object relates a namespace (and optionally a label selector) to a maximum quantity of resources that may be used (see [resources design doc](resources.md)).
Initially:
- a `quota` object is immutable.
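Review bot: The added line in "Accounting" leaves the issue reference as a bare URL in running prose, while the same sentence links the resources design doc with Markdown link syntax. Giving the issue the same form, for example `[issue 442](http://issue.k8s.io/442)`, keeps the sentence consistent and tells the reader what the link is before they follow a redirect. The same issue 442 is also listed under "Related discussion" in the first hunk, so the two references should be updated together if the scheme or host changes.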