Skip to content

Commit

Permalink
Merge pull request #22715 from logicalhan/monitoring
Browse files Browse the repository at this point in the history
add documentation for system:monitoring rbac policy
  • Loading branch information
k8s-ci-robot authored Oct 20, 2020
2 parents c06d366 + f37f473 commit 7cfdee6
Showing 1 changed file with 6 additions and 1 deletion.
7 changes: 6 additions & 1 deletion content/en/docs/reference/access-authn-authz/rbac.md
Original file line number Diff line number Diff line change
Expand Up @@ -801,7 +801,12 @@ This is commonly used by add-on API servers for unified authentication and autho
<td>None</td>
<td>Allows access to the resources required by most <a href="/docs/concepts/storage/persistent-volumes/#provisioner">dynamic volume provisioners</a>.</td>
</tr>
<tbody>
<tr>
<td><b>system:monitoring</b></td>
<td><b>system:monitoring</b> group</td>
<td>Allows read access to control-plane monitoring endpoints (i.e. {{< glossary_tooltip term_id="kube-apiserver" text="kube-apiserver" >}} liveness and readiness endpoints (<tt>/healthz</tt>, <tt>/livez</tt>, <tt>/readyz</tt>), the individual health-check endpoints (<tt>/healthz/*</tt>, <tt>/livez/*</tt>, <tt>/readyz/*</tt>), and <tt>/metrics</tt>). Note that individual health check endpoints and the metric endpoint may expose sensitive information.</td>
</tr>
</tbody>
</table>

### Roles for built-in controllers {#controller-roles}
Expand Down

0 comments on commit 7cfdee6

Please sign in to comment.