Details will live in the respective policies

solsson · solsson · commit 79d65fd2e35b · 2017-08-05T06:28:56.000+02:00
diff --git a/README.md b/README.md
@@ -59,15 +59,6 @@ For clusters that enfoce [RBAC](https://kubernetes.io/docs/admin/authorization/r
 kubectl apply -f rbac-namespace-default/
 ```
 
-For example here's how you see that `kafka`s init containers need RBAC for [rack awareness](https://github.com/Yolean/kubernetes-kafka/pull/41):
-```
-$ kubectl exec kafka-1 -- cat /etc/kafka/server.properties | grep broker.rack
-#init#broker.rack=# zone lookup failed, see -c init-config logs
-$ kubectl logs -c init-config kafka-0
-++ kubectl get node some-node '-o=go-template={{index .metadata.labels "failure-domain.beta.kubernetes.io/zone"}}'
-Error from server (Forbidden): User "system:serviceaccount:kafka:default" cannot get nodes at the cluster scope.: "Unknown user \"system:serviceaccount:kafka:default\""
-```
-
 # Tests
 
 ```
diff --git a/rbac-namespace-default/node-reader.yml b/rbac-namespace-default/node-reader.yml
@@ -1,4 +1,11 @@
-# For kubectl get node, required for kafka init container rack awareness
+# To see if init containers need RBAC:
+#
+# $ kubectl exec kafka-1 -- cat /etc/kafka/server.properties | grep broker.rack
+# #init#broker.rack=# zone lookup failed, see -c init-config logs
+# $ kubectl logs -c init-config kafka-0
+# ++ kubectl get node some-node '-o=go-template={{index .metadata.labels "failure-domain.beta.kubernetes.io/zone"}}'
+# Error from server (Forbidden): User "system:serviceaccount:kafka:default" cannot get nodes at the cluster scope.: "Unknown user \"system:serviceaccount:kafka:default\""
+#
 ---
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1beta1
