vendor/k8s.io/kubernetes/cluster/addons/rbac/legacy-kubelet-user/kubelet-binding.yaml - cloudstack-kubernetes-provider - Git at Google

 # The GKE environments don't have kubelets with certificates that
 # identify the system:nodes group.  They use the kubelet identity
 # TODO: remove this once new nodes are granted individual identities and the
 # NodeAuthorizer is enabled.
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
   name: kubelet-cluster-admin
   labels:
     kubernetes.io/cluster-service: "true"
     addonmanager.kubernetes.io/mode: Reconcile
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
   name: system:node
 subjects:
 - apiGroup: rbac.authorization.k8s.io
   kind: User
   name: kubelet
	# The GKE environments don't have kubelets with certificates that
	# identify the system:nodes group. They use the kubelet identity
	# TODO: remove this once new nodes are granted individual identities and the
	# NodeAuthorizer is enabled.
	apiVersion: rbac.authorization.k8s.io/v1
	kind: ClusterRoleBinding
	metadata:
	name: kubelet-cluster-admin
	labels:
	kubernetes.io/cluster-service: "true"
	addonmanager.kubernetes.io/mode: Reconcile
	roleRef:
	apiGroup: rbac.authorization.k8s.io
	kind: ClusterRole
	name: system:node
	subjects:
	- apiGroup: rbac.authorization.k8s.io
	kind: User
	name: kubelet