1 files changed, 1 insertions, 1 deletions

diff --git a/clustering.md b/clustering.md
index 4cef06f8..442cb4b6 100644
--- a/clustering.md
+++ b/clustering.md
@@ -41,7 +41,7 @@ The building blocks of an easier solution:
 * **Move to TLS** We will move to using TLS for all intra-cluster communication.  We will explicitly identify the trust chain (the set of trusted CAs) as opposed to trusting the system CAs.  We will also use client certificates for all AuthN.
 * [optional] **API driven CA** Optionally, we will run a CA in the master that will mint certificates for the nodes/kubelets.  There will be pluggable policies that will automatically approve certificate requests here as appropriate.
   * **CA approval policy**  This is a pluggable policy object that can automatically approve CA signing requests.  Stock policies will include `always-reject`, `queue` and `insecure-always-approve`.  With `queue` there would be an API for evaluating and accepting/rejecting requests.  Cloud providers could implement a policy here that verifies other out of band information and automatically approves/rejects based on other external factors.
-* **Scoped Kubelet Accounts** These accounts are per-minion and (optionally) give a minion permission to register itself.
+* **Scoped Kubelet Accounts** These accounts are per-node and (optionally) give a node permission to register itself.
 	* To start with, we'd have the kubelets generate a cert/account in the form of `kubelet:<host>`.  To start we would then hard code policy such that we give that particular account appropriate permissions.  Over time, we can make the policy engine more generic.
 * [optional] **Bootstrap API endpoint** This is a helper service hosted outside of the Kubernetes cluster that helps with initial discovery of the master.