| 1234567891011121314151617181920 |
- # The GKE environments don't have kubelets with certificates that
- # identify the system:nodes group. They use the kubelet identity
- # TODO: remove this once new nodes are granted individual identities and the
- # NodeAuthorizer is enabled.
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRoleBinding
- metadata:
- name: kubelet-cluster-admin
- labels:
- kubernetes.io/cluster-service: "true"
- addonmanager.kubernetes.io/mode: Reconcile
- roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: system:node
- subjects:
- - apiGroup: rbac.authorization.k8s.io
- kind: User
- name: kubelet
|
