Further updates to TLS Bootstrapping #11258
Deploy preview for kubernetes-io-master-staging ready! Built with commit c87d632 https://deploy-preview-11258--kubernetes-io-master-staging.netlify.com
2. Used in the controller-manager configuration to scope | ||
approvals in the default approval controller, if automatic approval is enabled. | ||
1. create and retrieve CSRs | ||
2. Be recognized by the controller-manager configuration to scope approvals in the default approval controller, if automatic approval is enabled. |
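Review bot: The two items in the rewritten list are not parallel: item 1 starts lowercase with a bare verb ("create and retrieve CSRs") while item 2 starts capitalized ("Be recognized by ..."). Item 2 also never says what is being approved; "to scope approvals in the default approval controller" leaves the reader to infer that it means the CSRs from item 1. Suggest matching the case of both items and naming the object of the approval in item 2.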
suggest: "be automatically approved to request node client certificates"
Sure.
1. create and retrieve CSRs | ||
2. Be recognized by the controller-manager configuration to scope approvals in the default approval controller, if automatic approval is enabled. | ||
|
||
A kubelet authenticating usinng bootstrap tokens is recognized as a group `system:bootstrappers`, which is the standard method to use. |
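Review bot: In the added sentence, the trailing clause "which is the standard method to use" has no clear referent: it can attach either to bootstrap tokens or to the `system:bootstrappers` group. Item 2 above ties automatic approval to what the controller-manager configuration recognizes, so readers will set up approval scoping from this sentence. Suggest moving the clause into its own sentence that says explicitly which of the two is the standard method.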
s/usinng/using/
"is authenticated as a user in the system:bootstrappers group"
Want to guess which letter is misbehaving in my MacBookPro keyboard this week?
Sure.
Re: #11181 (comment), I would still prefer to trim down the kube-proxy section, or make it more generically discuss running other components on the node, and give kube-proxy as an example. I also don't think we should mention using the kubelet's credentials for other components
Updated per comments.
/lgtm thanks
/approve but see also #11381 -- we need to do still more work on certs generally
[APPROVALNOTIFIER] This PR is APPROVED. This pull-request has been approved by: Bradamant3
…ease-1.12
* 'master' of git://github.com/kubernetes/website: (222 commits)
  Add temporary owners for 1.13 release (#11453)
  fix Minikube 404 error. (#11461)
  Resolve conflicts against dev-1.13 for /ko contents (#11439)
  replace `run` with `create deployment` (#11392)
  Updated list all pods with -o wide comment (#11394)
  fix broken link for KubeletConfiguration (#11423)
  Update on pod-priority-preemption.md (#11418)
  Add guidelines for working with localized content (#11415)
  Update what-is-kubernetes.md (#11399)
  Remove redundant close tags and little bit formatting (#11389)
  Add SysEleven MetaKube as hosted solution (#11393)
  Add rui to sig-docs-zh team (#11391)
  fix Improper translation (#11384)
  Add pigletfly(WangBing) as a sig-docs-zh-reviewer (#11370)
  update link to CloudProvider Interface (#11228)
  Fix the "my-scheduler-as-kube-scheduler" ClusterRoleBinding. (#11112)
  fix non-existing "CloudProvider Interface" link (#10953)
  Updated ingress.md (#11213)
  Further updates to TLS Bootstrapping (#11258)
  Updated 'exec' description (#11365)
  ...
More updates per @liggitt comments on #11181