...
1# The Kubemark environment currently gives all kubelets a single shared credential.
2#
3# TODO: give each kubelet a credential in the system:nodes group with username system:node:<nodeName>,
4# to exercise the Node authorizer and admission, then remove this binding
5apiVersion: rbac.authorization.k8s.io/v1
6kind: ClusterRoleBinding
7metadata:
8 name: kubelet-node
9 labels:
10 kubernetes.io/cluster-service: "true"
11roleRef:
12 apiGroup: rbac.authorization.k8s.io
13 kind: ClusterRole
14 name: system:node
15subjects:
16- apiGroup: rbac.authorization.k8s.io
17 kind: User
18 name: kubelet
View as plain text