From 38918b3d5abc64e5b9069a8aef338343fd91086b Mon Sep 17 00:00:00 2001
From: Sulabh Chaturvedi <sulabhchaturvedi08@gmail.com>
Date: Fri, 17 Apr 2020 12:33:19 +0100
Subject: [PATCH] Update 13-kube-apiserver-to-kubelet.md
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

I kept getting error as the user is `system:kube-apiserver` and not 'kube-apiserver'. Also, the description says user as kubernetes which should also be rather `system:kube-apiserver`

below is the error I received and corrected the CRB manifest after looking carefully at the User attribute in the error received.
```
~ at ☸️  kubernetes-the-hard-way
➜ kubectl logs weave-net-7bmxs weave -n kube-system
Error from server (Forbidden): Forbidden (user=system:kube-apiserver, verb=get, resource=nodes, subresource=proxy) ( pods/log weave-net-7bmxs)
```
---
 docs/13-kube-apiserver-to-kubelet.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/docs/13-kube-apiserver-to-kubelet.md b/docs/13-kube-apiserver-to-kubelet.md
index 59ab6ac..fc5cebc 100644
--- a/docs/13-kube-apiserver-to-kubelet.md
+++ b/docs/13-kube-apiserver-to-kubelet.md
@@ -32,9 +32,9 @@ EOF
 ```
 Reference: https://v1-12.docs.kubernetes.io/docs/reference/access-authn-authz/rbac/#role-and-clusterrole
 
-The Kubernetes API Server authenticates to the Kubelet as the `kubernetes` user using the client certificate as defined by the `--kubelet-client-certificate` flag.
+The Kubernetes API Server authenticates to the Kubelet as the `system:kube-apiserver` user using the client certificate as defined by the `--kubelet-client-certificate` flag.
 
-Bind the `system:kube-apiserver-to-kubelet` ClusterRole to the `kubernetes` user:
+Bind the `system:kube-apiserver-to-kubelet` ClusterRole to the `system:kube-apiserver` user:
 
 ```
 cat <<EOF | kubectl apply --kubeconfig admin.kubeconfig -f -
@@ -50,7 +50,7 @@ roleRef:
 subjects:
   - apiGroup: rbac.authorization.k8s.io
     kind: User
-    name: kube-apiserver
+    name: system:kube-apiserver
 EOF
 ```
 Reference: https://v1-12.docs.kubernetes.io/docs/reference/access-authn-authz/rbac/#rolebinding-and-clusterrolebinding