rootsongjc
/
kubernetes-handbook
mirror of https://github.com/rootsongjc/kubernetes-handbook.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #290 from zhuxi0511/master 

fix rolebonding description
pull/293/head
Jimmy Song 2018-10-09 11:41:32 +08:00 committed by GitHub
parent 50e6a7d866 1ad38107f0
commit e702131688
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
practice/create-tls-and-secret-key.md
View File

@ -290,7 +290,7 @@ admin.csr admin-csr.json admin-key.pem admin.pem
``` ```
+ CN 指定该证书的 User 为 `system:kube-proxy` + CN 指定该证书的 User 为 `system:kube-proxy`
+ `kube-apiserver` 预定义的 RoleBinding `cluster-admin` 将User `system:kube-proxy` 与 Role `system:node-proxier` 绑定,该 Role 授予了调用 `kube-apiserver` Proxy 相关 API 的权限; + `kube-apiserver` 预定义的 RoleBinding `system:node-proxier` 将User `system:kube-proxy` 与 Role `system:node-proxier` 绑定,该 Role 授予了调用 `kube-apiserver` Proxy 相关 API 的权限;
生成 kube-proxy 客户端证书和私钥 生成 kube-proxy 客户端证书和私钥
@ -407,4 +407,4 @@ cp *.pem /etc/kubernetes/ssl
+ [Generate self-signed certificates](https://coreos.com/os/docs/latest/generate-self-signed-certificates.html) + [Generate self-signed certificates](https://coreos.com/os/docs/latest/generate-self-signed-certificates.html)
+ [Client Certificates V/s Server Certificates](https://blogs.msdn.microsoft.com/kaushal/2012/02/17/client-certificates-vs-server-certificates/) + [Client Certificates V/s Server Certificates](https://blogs.msdn.microsoft.com/kaushal/2012/02/17/client-certificates-vs-server-certificates/)
+ [数字证书及 CA 的扫盲介绍](http://blog.jobbole.com/104919/) + [数字证书及 CA 的扫盲介绍](http://blog.jobbole.com/104919/)
+ [TLS bootstrap 引导程序](../guide/tls-bootstrapping.md) + [TLS bootstrap 引导程序](../guide/tls-bootstrapping.md)