diff --git a/practice/create-tls-and-secret-key.md b/practice/create-tls-and-secret-key.md index 856c5ba0b..46af184b7 100644 --- a/practice/create-tls-and-secret-key.md +++ b/practice/create-tls-and-secret-key.md @@ -290,7 +290,7 @@ admin.csr admin-csr.json admin-key.pem admin.pem ``` + CN 指定该证书的 User 为 `system:kube-proxy`; -+ `kube-apiserver` 预定义的 RoleBinding `cluster-admin` 将User `system:kube-proxy` 与 Role `system:node-proxier` 绑定,该 Role 授予了调用 `kube-apiserver` Proxy 相关 API 的权限; ++ `kube-apiserver` 预定义的 RoleBinding `system:node-proxier` 将User `system:kube-proxy` 与 Role `system:node-proxier` 绑定,该 Role 授予了调用 `kube-apiserver` Proxy 相关 API 的权限; 生成 kube-proxy 客户端证书和私钥 @@ -407,4 +407,4 @@ cp *.pem /etc/kubernetes/ssl + [Generate self-signed certificates](https://coreos.com/os/docs/latest/generate-self-signed-certificates.html) + [Client Certificates V/s Server Certificates](https://blogs.msdn.microsoft.com/kaushal/2012/02/17/client-certificates-vs-server-certificates/) + [数字证书及 CA 的扫盲介绍](http://blog.jobbole.com/104919/) -+ [TLS bootstrap 引导程序](../guide/tls-bootstrapping.md) \ No newline at end of file ++ [TLS bootstrap 引导程序](../guide/tls-bootstrapping.md)
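Review bot: In the changed `+` line of the first hunk (the kube-proxy certificate notes at -290,7 +290,7), the binding name is now `system:node-proxier`, identical to the Role name later in the same sentence, so the text should say outright that the binding and the role share a name; otherwise the corrected line reads like a copy-paste slip. While this line is being touched, please also confirm the object kinds: the sentence says "RoleBinding" and "Role", and if these predefined objects are cluster-scoped they should be written as `ClusterRoleBinding` and `ClusterRole`, so that a reader auditing what the `system:kube-proxy` certificate identity is allowed to do looks up the right object. Minor style point: "将User" is missing the space that "与 Role" has later in the line.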