Commit e028d3d

Merge pull request #24580 from zhiguo-lu/zh-translate-reference-certificate-signing-requests
Translate reference/certificate-signing-requests.md into Chinese and fix a bug in origin file, #24065
2 parents b48179c + 5dab375 commit e028d3d

8 files changed

+889
-75
lines changed

content/en/docs/reference/access-authn-authz/certificate-signing-requests.md

Lines changed: 4 additions & 75 deletions
Original file line number | Diff line number | Diff line change
@@ -136,22 +136,7 @@ To allow creating a CertificateSigningRequest and retrieving any CertificateSign
136136

137137
For example:
138138

139-
```yaml
140-
apiVersion: rbac.authorization.k8s.io/v1
141-
kind: ClusterRole
142-
metadata:
143-
name: csr-creator
144-
rules:
145-
- apiGroups:
146-
- certificates.k8s.io
147-
resources:
148-
- certificatesigningrequests
149-
verbs:
150-
- create
151-
- get
152-
- list
153-
- watch
154-
```
139+
{{< codenew file="access/certificate-signing-request/clusterrole-create.yaml" >}}
155140

156141
To allow approving a CertificateSigningRequest:
157142

@@ -161,71 +146,15 @@ To allow approving a CertificateSigningRequest:
161146

162147
For example:
163148

164-
```yaml
165-
apiVersion: rbac.authorization.k8s.io/v1
166-
kind: ClusterRole
167-
metadata:
168-
name: csr-approver
169-
rules:
170-
- apiGroups:
171-
- certificates.k8s.io
172-
resources:
173-
- certificatesigningrequests
174-
verbs:
175-
- get
176-
- list
177-
- watch
178-
- apiGroups:
179-
- certificates.k8s.io
180-
resources:
181-
- certificatesigningrequests/approval
182-
verbs:
183-
- update
184-
- apiGroups:
185-
- certificates.k8s.io
186-
resources:
187-
- signers
188-
resourceNames:
189-
- example.com/my-signer-name # example.com/* can be used to authorize for all signers in the 'example.com' domain
190-
verbs:
191-
- approve
192-
```
149+
{{< codenew file="access/certificate-signing-request/clusterrole-approve.yaml" >}}
193150

194151
To allow signing a CertificateSigningRequest:
195152

196153
* Verbs: `get`, `list`, `watch`, group: `certificates.k8s.io`, resource: `certificatesigningrequests`
197154
* Verbs: `update`, group: `certificates.k8s.io`, resource: `certificatesigningrequests/status`
198155
* Verbs: `sign`, group: `certificates.k8s.io`, resource: `signers`, resourceName: `<signerNameDomain>/<signerNamePath>` or `<signerNameDomain>/*`
199156

200-
```yaml
201-
apiVersion: rbac.authorization.k8s.io/v1
202-
kind: ClusterRole
203-
metadata:
204-
name: csr-signer
205-
rules:
206-
- apiGroups:
207-
- certificates.k8s.io
208-
resources:
209-
- certificatesigningrequests
210-
verbs:
211-
- get
212-
- list
213-
- watch
214-
- apiGroups:
215-
- certificates.k8s.io
216-
resources:
217-
- certificatesigningrequests/status
218-
verbs:
219-
- update
220-
- apiGroups:
221-
- certificates.k8s.io
222-
resources:
223-
- signers
224-
resourceName:
225-
- example.com/my-signer-name # example.com/* can be used to authorize for all signers in the 'example.com' domain
226-
verbs:
227-
- sign
228-
```
157+
{{< codenew file="access/certificate-signing-request/clusterrole-sign.yaml" >}}
229158

230159
## Normal User
231160

@@ -267,7 +196,7 @@ Some points to note:
267196

268197
### Approve Certificate Request
269198

270-
Use kubeadmin to create a CSR and approve it.
199+
Use kubectl to create a CSR and approve it.
271200

272201
Get the list of CSRs
273202
```
Lines changed: 28 additions & 0 deletions
@@ -0,0 +1,28 @@
1+
apiVersion: rbac.authorization.k8s.io/v1
2+
kind: ClusterRole
3+
metadata:
4+
name: csr-approver
5+
rules:
6+
- apiGroups:
7+
- certificates.k8s.io
8+
resources:
9+
- certificatesigningrequests
10+
verbs:
11+
- get
12+
- list
13+
- watch
14+
- apiGroups:
15+
- certificates.k8s.io
16+
resources:
17+
- certificatesigningrequests/approval
18+
verbs:
19+
- update
20+
- apiGroups:
21+
- certificates.k8s.io
22+
resources:
23+
- signers
24+
resourceNames:
25+
- example.com/my-signer-name # example.com/* can be used to authorize for all signers in the 'example.com' domain
26+
verbs:
27+
- approve
28+
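Review bot: line 28 of this new file is an empty added line after `- approve`, so the csr-approver manifest ends with a trailing blank line that the other two new manifests (14 and 27 lines) do not have. Drop it so the three examples are consistent when pulled in through `codenew`.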
Lines changed: 14 additions & 0 deletions
@@ -0,0 +1,14 @@
1+
apiVersion: rbac.authorization.k8s.io/v1
2+
kind: ClusterRole
3+
metadata:
4+
name: csr-creator
5+
rules:
6+
- apiGroups:
7+
- certificates.k8s.io
8+
resources:
9+
- certificatesigningrequests
10+
verbs:
11+
- create
12+
- get
13+
- list
14+
- watch
Lines changed: 27 additions & 0 deletions
@@ -0,0 +1,27 @@
1+
apiVersion: rbac.authorization.k8s.io/v1
2+
kind: ClusterRole
3+
metadata:
4+
name: csr-signer
5+
rules:
6+
- apiGroups:
7+
- certificates.k8s.io
8+
resources:
9+
- certificatesigningrequests
10+
verbs:
11+
- get
12+
- list
13+
- watch
14+
- apiGroups:
15+
- certificates.k8s.io
16+
resources:
17+
- certificatesigningrequests/status
18+
verbs:
19+
- update
20+
- apiGroups:
21+
- certificates.k8s.io
22+
resources:
23+
- signers
24+
resourceName:
25+
- example.com/my-signer-name # example.com/* can be used to authorize for all signers in the 'example.com' domain
26+
verbs:
27+
- sign
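
Review bot: line 24 of the new csr-signer file uses `resourceName:` where the RBAC rule field is `resourceNames:` (plural), as line 24 of the csr-approver file has it. The singular key was carried over unchanged from the inline block this commit removes (old line 224). Change it to `resourceNames:`; with the misspelled key the manifest either fails validation or, if the unknown field is dropped, the `sign` rule is no longer restricted to `example.com/my-signer-name`.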
