diff --git a/ca.conf b/ca.conf index 90e979e09..805e5fe29 100644 --- a/ca.conf +++ b/ca.conf @@ -26,7 +26,7 @@ O = system:masters # # The Kubernetes Controller Manager leverages a key pair to generate # and sign service account tokens as described in the -# [managing service accounts](https://kubernetes.io/docs/admin/service-accounts-admin/) +# [managing service accounts](https://kubernetes.io/docs/reference/access-authn-authz/service-accounts-admin/) # documentation. [service-accounts] @@ -39,9 +39,9 @@ CN = service-accounts # Worker Nodes # -# Kubernetes uses a [special-purpose authorization mode](https://kubernetes.io/docs/admin/authorization/node/) +# Kubernetes uses a [special-purpose authorization mode](https://kubernetes.io/docs/reference/access-authn-authz/node/) # called Node Authorizer, that specifically authorizes API requests made -# by [Kubelets](https://kubernetes.io/docs/concepts/overview/components/#kubelet). +# by [Kubelets](https://kubernetes.io/docs/concepts/architecture/#kubelet). # In order to be authorized by the Node Authorizer, Kubelets must use a credential # that identifies them as being in the `system:nodes` group, with a username # of `system:node:`.