Skip to content

Commit

Permalink
kubelet tls bootstrapping: fix role names
Browse files Browse the repository at this point in the history
  • Loading branch information
@ericchiang
ericchiang committed Sep 29, 2017
1 parent 2126d2e commit 318e156
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions docs/admin/kubelet-tls-bootstrapping.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -133,9 +133,9 @@ rules:
As of 1.8, equivalent roles to the ones listed above are automatically created as part of the default RBAC roles.
For 1.8 clusters admins are recommended to bind tokens to the following roles instead of creating their own:
* `system:certificates.k8s.io:certificatesigningrequests:io:certificatesigningrequests:nodeclient`
* `system:certificates.k8s.io:certificatesigningrequests:nodeclient`
- Automatically approve CSRs for client certs bound to this role.
* `system:certificates.k8s.io:certificatesigningrequests:io:certificatesigningrequests:selfnodeclient`
* `system:certificates.k8s.io:certificatesigningrequests:selfnodeclient`
- Automatically approve CSRs when a client bound to its role renews its own certificate.

These powers can be granted to credentials, such as bootstrapping tokens. For example, to replicate the behavior
Expand Down

0 comments on commit 318e156

Please sign in to comment.