| 12345678910111213141516171819 |
- # The Kubemark environment currently gives all kubelets a single shared credential.
- #
- # TODO: give each kubelet a credential in the system:nodes group with username system:node:<nodeName>,
- # to exercise the Node authorizer and admission, then remove this binding
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRoleBinding
- metadata:
- name: kubelet-node
- labels:
- kubernetes.io/cluster-service: "true"
- roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: system:node
- subjects:
- - apiGroup: rbac.authorization.k8s.io
- kind: User
- name: kubelet
|
