kubernetes
/
website
mirror of https://github.com/kubernetes/website.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

kubelet tls bootstrapping: fix role names

pull/5690/head
Eric Chiang 2017-09-28 23:46:35 -07:00 committed by Andrew Chen
parent 1edf6ea927
commit d7f2c8853d
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
docs/admin/kubelet-tls-bootstrapping.md
View File

@ -133,9 +133,9 @@ rules:
As of 1.8, equivalent roles to the ones listed above are automatically created as part of the default RBAC roles.
For 1.8 clusters admins are recommended to bind tokens to the following roles instead of creating their own:
* `system:certificates.k8s.io:certificatesigningrequests:io:certificatesigningrequests:nodeclient`
* `system:certificates.k8s.io:certificatesigningrequests:nodeclient`
- Automatically approve CSRs for client certs bound to this role.
* `system:certificates.k8s.io:certificatesigningrequests:io:certificatesigningrequests:selfnodeclient`
* `system:certificates.k8s.io:certificatesigningrequests:selfnodeclient`
- Automatically approve CSRs when a client bound to its role renews its own certificate.
These powers can be granted to credentials, such as bootstrapping tokens. For example, to replicate the behavior