From 8f7af729901e458dd5060880fae941d5eac1c9c9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Po=C5=A1ka?= Date: Wed, 27 Sep 2023 22:26:35 +0300 Subject: [PATCH] Update docs/advanced/advanced.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Brad Davidson Signed-off-by: Poška --- docs/advanced/advanced.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/advanced/advanced.md b/docs/advanced/advanced.md index 6dddb9f7c..bbe4bb811 100644 --- a/docs/advanced/advanced.md +++ b/docs/advanced/advanced.md @@ -190,7 +190,7 @@ Because they do not host a kubelet, they cannot run pods or be managed by operat Running agentless servers may be advantageous if you want to obscure your control-plane nodes from discovery by agents and workloads, at the cost of increased administrative overhead caused by lack of cluster operator support. -By default, the apiserver will not be able to make outgoing connections to any admission webhooks running in agents. To remedy this, also set the `--egress-selector-mode` server flag to either `pod` or `cluster`. If you are changing this flag in a cluster with already running agents, you'll need to restart the agents for the flag to take effect. +By default, the apiserver on agentless servers will not be able to make outgoing connections to admission webhooks or aggregated apiservices running within the cluster. To remedy this, set the `--egress-selector-mode` server flag to either `pod` or `cluster`. If you are changing this flag on an existing cluster, you'll need to restart all nodes in the cluster for the option to take effect. ## Running Rootless Servers (Experimental) > **Warning:** This feature is experimental.