From a5114dfa6439206d94d1485711934a9640bf1f1d Mon Sep 17 00:00:00 2001
From: Paige Calvert <paige@replicated.com>
Date: Tue, 1 Jul 2025 10:33:02 -0600
Subject: [PATCH] Add required unix roles to ec docs

---
 docs/vendor/embedded-overview.mdx | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/docs/vendor/embedded-overview.mdx b/docs/vendor/embedded-overview.mdx
index a0c418bbea..8062bf8222 100644
--- a/docs/vendor/embedded-overview.mdx
+++ b/docs/vendor/embedded-overview.mdx
@@ -91,6 +91,21 @@ Additionally, Embedded Cluster automatically deploys several built-in extensions
 
 <EmbeddedClusterPortRequirements/>
 
+### Unix Accounts for Kubernetes Components
+
+During installation, Embedded Cluster automatically creates the following Unix accounts that are required by internal Kubernetes components:
+
+* **etcd**: Used by the Kubernetes etcd database, which stores cluster state.
+* **konnectivity-server**: Used by the Konnectivity service, which facilitates secure communication between internal components.
+* **kube-apiserver**: Used by the Kubernetes API server.
+* **kube-scheduler**: Used by the Kubernetes scheduler to schedule workloads such as pods.
+
+No action is required to create these roles. Removing them will make the cluster non-functional.
+
+For more information about the internal Kubernetes components, see [Kubernetes Components](https://kubernetes.io/docs/concepts/overview/components/) in the Kubernetes documentation.
+
+For more information about the Konnectivity service, see [Set up Konnectivity service](https://kubernetes.io/docs/tasks/extend-kubernetes/setup-konnectivity/) in the Kubernetes documentation.
+
 ## Limitations
 
 Embedded Cluster has the following limitations: