From 434c161759f1e957a088ed27e0ae9b733572b17e Mon Sep 17 00:00:00 2001
From: Alex Moon <alex.jared.moon@gmail.com>
Date: Wed, 10 Oct 2018 22:21:30 +0000
Subject: [PATCH] Fix issue #348 to clarify rbac permissions

---
 docs/08-bootstrapping-kubernetes-controllers.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/docs/08-bootstrapping-kubernetes-controllers.md b/docs/08-bootstrapping-kubernetes-controllers.md
index 1c2883b..a80175c 100644
--- a/docs/08-bootstrapping-kubernetes-controllers.md
+++ b/docs/08-bootstrapping-kubernetes-controllers.md
@@ -283,6 +283,9 @@ In this section you will configure RBAC permissions to allow the Kubernetes API
 
 > This tutorial sets the Kubelet `--authorization-mode` flag to `Webhook`. Webhook mode uses the [SubjectAccessReview](https://kubernetes.io/docs/admin/authorization/#checking-api-access) API to determine authorization.
 
+In this section you are interacting with your cluster as a whole, so the following 2 role creation commands only need to be run from a single controller
+
+
 ```
 gcloud compute ssh controller-0
 ```