mirrors
/
kubernetes-the-hard-way
mirror of https://github.com/kelseyhightower/kubernetes-the-hard-way
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Update tls-bootstrap-worker-node-2.md

pull/482/head
Mumshad Mannambeth 2019-07-09 11:03:52 +08:00 committed by GitHub
parent e5265e57f0
commit 3217c93b20
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 11 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
practice-questions-answers/install/bootstrap-worker-node-2/tls-bootstrap-worker-node-2.md
View File

@ -37,7 +37,9 @@ EOF
## Create Cluster Role Binding ## Create Cluster Role Binding
```
kubectl create clusterrolebinding crb-to-create-csr --clusterrole=system:node-bootstrapper --group=system:bootstrappers kubectl create clusterrolebinding crb-to-create-csr --clusterrole=system:node-bootstrapper --group=system:bootstrappers
```
--------------- OR --------------- --------------- OR ---------------
@ -64,7 +66,9 @@ EOF
# Authorize workers(kubelets) to approve CSR # Authorize workers(kubelets) to approve CSR
```
kubectl create clusterrolebinding crb-to-approve-csr --clusterrole=system:certificates.k8s.io:certificatesigningrequests:nodeclient --group=system:bootstrappers kubectl create clusterrolebinding crb-to-approve-csr --clusterrole=system:certificates.k8s.io:certificatesigningrequests:nodeclient --group=system:bootstrappers
```
--------------- OR --------------- --------------- OR ---------------
@ -89,19 +93,21 @@ EOF
`master$ kubectl create -f crb-to-approve-csr.yaml` `master$ kubectl create -f crb-to-approve-csr.yaml`
# Auto rotate certificates # Auto rotate/renew certificates
kubectl create clusterrolebinding crb-to-autoapprove-csr --clusterrole=system:certificates.k8s.io:certificatesigningrequests:nodeclient --group=system:bootstrappers ```
kubectl create clusterrolebinding auto-approve-renewals-for-nodes --clusterrole=system:certificates.k8s.io:certificatesigningrequests:selfnodeclient --group=system:nodes
```
--------------- OR --------------- --------------- OR ---------------
``` ```
cat > crb-to-autoapprove-csr.yaml <<EOF cat > auto-approve-renewals-for-nodes.yaml <<EOF
# Approve renewal CSRs for the group "system:nodes" # Approve renewal CSRs for the group "system:nodes"
kind: ClusterRoleBinding kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
metadata: metadata:
name: crb-to-autoapprove-csr name: auto-approve-renewals-for-nodes
subjects: subjects:
- kind: Group - kind: Group
name: system:nodes name: system:nodes
@ -113,7 +119,7 @@ roleRef:
EOF EOF
``` ```
`master$ kubectl create -f crb-to-autoapprove-csr.yaml` `kubectl create -f auto-approve-renewals-for-nodes.yaml`
# Create bootstrap context on node03 # Create bootstrap context on node03