From 3217c93b20a772f715db6e4e8255fff6e0d26980 Mon Sep 17 00:00:00 2001 From: Mumshad Mannambeth Date: Tue, 9 Jul 2019 11:03:52 +0800 Subject: [PATCH] Update tls-bootstrap-worker-node-2.md --- .../tls-bootstrap-worker-node-2.md | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/practice-questions-answers/install/bootstrap-worker-node-2/tls-bootstrap-worker-node-2.md b/practice-questions-answers/install/bootstrap-worker-node-2/tls-bootstrap-worker-node-2.md index 571f86f..75c4d8b 100644 --- a/practice-questions-answers/install/bootstrap-worker-node-2/tls-bootstrap-worker-node-2.md +++ b/practice-questions-answers/install/bootstrap-worker-node-2/tls-bootstrap-worker-node-2.md @@ -37,7 +37,9 @@ EOF ## Create Cluster Role Binding +``` kubectl create clusterrolebinding crb-to-create-csr --clusterrole=system:node-bootstrapper --group=system:bootstrappers +``` --------------- OR --------------- @@ -64,7 +66,9 @@ EOF # Authorize workers(kubelets) to approve CSR +``` kubectl create clusterrolebinding crb-to-approve-csr --clusterrole=system:certificates.k8s.io:certificatesigningrequests:nodeclient --group=system:bootstrappers +``` --------------- OR --------------- @@ -89,19 +93,21 @@ EOF `master$ kubectl create -f crb-to-approve-csr.yaml` -# Auto rotate certificates +# Auto rotate/renew certificates -kubectl create clusterrolebinding crb-to-autoapprove-csr --clusterrole=system:certificates.k8s.io:certificatesigningrequests:nodeclient --group=system:bootstrappers +``` +kubectl create clusterrolebinding auto-approve-renewals-for-nodes --clusterrole=system:certificates.k8s.io:certificatesigningrequests:selfnodeclient --group=system:nodes +``` --------------- OR --------------- ``` -cat > crb-to-autoapprove-csr.yaml < auto-approve-renewals-for-nodes.yaml <