1apiVersion: rbac.authorization.k8s.io/v1
2kind: ClusterRoleBinding
3metadata:
4 name: gce:beta:kubelet-certificate-bootstrap
5 labels:
6 addonmanager.kubernetes.io/mode: Reconcile
7roleRef:
8 apiGroup: rbac.authorization.k8s.io
9 kind: ClusterRole
10 name: gce:beta:kubelet-certificate-bootstrap
11subjects:
12- apiGroup: rbac.authorization.k8s.io
13 kind: User
14 name: kubelet
15---
16apiVersion: rbac.authorization.k8s.io/v1
17kind: ClusterRoleBinding
18metadata:
19 name: gce:beta:kubelet-certificate-rotation
20 labels:
21 addonmanager.kubernetes.io/mode: Reconcile
22roleRef:
23 apiGroup: rbac.authorization.k8s.io
24 kind: ClusterRole
25 name: gce:beta:kubelet-certificate-rotation
26subjects:
27- apiGroup: rbac.authorization.k8s.io
28 kind: Group
29 name: system:nodes
30---
31apiVersion: rbac.authorization.k8s.io/v1
32kind: ClusterRole
33metadata:
34 name: gce:beta:kubelet-certificate-bootstrap
35 labels:
36 addonmanager.kubernetes.io/mode: Reconcile
37rules:
38- apiGroups:
39 - "certificates.k8s.io"
40 resources:
41 - certificatesigningrequests/nodeclient
42 verbs:
43 - "create"
44---
45apiVersion: rbac.authorization.k8s.io/v1
46kind: ClusterRole
47metadata:
48 name: gce:beta:kubelet-certificate-rotation
49 labels:
50 addonmanager.kubernetes.io/mode: Reconcile
51rules:
52- apiGroups:
53 - "certificates.k8s.io"
54 resources:
55 - certificatesigningrequests/selfnodeclient
56 - certificatesigningrequests/selfnodeserver
57 verbs:
58 - "create"
View as plain text