mirrors
/
kubernetes-the-hard-way
mirror of https://github.com/kelseyhightower/kubernetes-the-hard-way
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

document the RBAC role binding process for TLS bootstrapping

pull/137/head
Kelsey Hightower 2017-03-24 04:16:29 -07:00
parent 94cbe1e683
commit f7532568be
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
docs/05-kubernetes-controller.md
View File

@ -316,14 +316,14 @@ aws elb register-instances-with-load-balancer \
## RBAC
Set up bootstrapping roles:
The following command will grant the `kubelet-bootstrap` user the permissions necessary to request a client TLS certificate.
```
gcloud compute ssh controller0
```
Bind the `kubelet-bootstrap` user to the `system:node-bootstrapper` cluster role:
```
kubectl create clusterrolebinding kubelet-bootstrap \
--clusterrole=system:node-bootstrapper \
--user=kubelet-bootstrap
```
At this point kubelets can now request a TLS client certificate as defined in the [kubelet TLS bootstrapping guide](https://kubernetes.io/docs/admin/kubelet-tls-bootstrapping/).