apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: gce:beta:kubelet-certificate-bootstrap
labels:
addonmanager.kubernetes.io/mode: Reconcile
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: gce:beta:kubelet-certificate-bootstrap
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: User
name: kubelet
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: gce:beta:kubelet-certificate-rotation
labels:
addonmanager.kubernetes.io/mode: Reconcile
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: gce:beta:kubelet-certificate-rotation
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: Group
name: system:nodes
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: gce:beta:kubelet-certificate-bootstrap
labels:
addonmanager.kubernetes.io/mode: Reconcile
rules:
- apiGroups:
- "certificates.k8s.io"
resources:
- certificatesigningrequests/nodeclient
verbs:
- "create"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: gce:beta:kubelet-certificate-rotation
labels:
addonmanager.kubernetes.io/mode: Reconcile
rules:
- apiGroups:
- "certificates.k8s.io"
resources:
- certificatesigningrequests/selfnodeclient
- certificatesigningrequests/selfnodeserver
verbs:
- "create"