1. cat > apiserver-to-kubelet-rbac.yaml << EOF
    2. apiVersion: rbac.authorization.k8s.io/v1
    3. kind: ClusterRole
    4. metadata:
    5.   annotations:
    6.     rbac.authorization.kubernetes.io/autoupdate: "true"
    7.   labels:
    8.     kubernetes.io/bootstrapping: rbac-defaults
    9.   name: system:kube-apiserver-to-kubelet
    10. rules:
    11.   - apiGroups:
    12.       - ""
    13.     resources:
    14.       - nodes/proxy
    15.       - nodes/stats
    16.       - nodes/log
    17.       - nodes/spec
    18.       - nodes/metrics
    19.       - pods/log
    20.     verbs:
    21.       - "*"
    22. ---
    23. apiVersion: rbac.authorization.k8s.io/v1
    24. kind: ClusterRoleBinding
    25. metadata:
    26.   name: system:kube-apiserver
    27.   namespace: ""
    28. roleRef:
    29.   apiGroup: rbac.authorization.k8s.io
    30.   kind: ClusterRole
    31.   name: system:kube-apiserver-to-kubelet
    32. subjects:
    33.   - apiGroup: rbac.authorization.k8s.io
    34.     kind: User
    35.     name: kubernetes
    36. EOF
    37. kubectl apply -f apiserver-to-kubelet-rbac.yaml