vendor/k8s.io/kubernetes/test/kubemark/resources/manifests/addons/kubemark-rbac-bindings/kubelet-binding.yaml - cloudstack-kubernetes-provider - Git at Google

 # The Kubemark environment currently gives all kubelets a single shared credential.
 #
 # TODO: give each kubelet a credential in the system:nodes group with username system:node:<nodeName>,
 # to exercise the Node authorizer and admission, then remove this binding
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
   name: kubelet-node
   labels:
     kubernetes.io/cluster-service: "true"
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
   name: system:node
 subjects:
 - apiGroup: rbac.authorization.k8s.io
   kind: User
   name: kubelet
	# The Kubemark environment currently gives all kubelets a single shared credential.
	#
	# TODO: give each kubelet a credential in the system:nodes group with username system:node:<nodeName>,
	# to exercise the Node authorizer and admission, then remove this binding
	apiVersion: rbac.authorization.k8s.io/v1
	kind: ClusterRoleBinding
	metadata:
	name: kubelet-node
	labels:
	kubernetes.io/cluster-service: "true"
	roleRef:
	apiGroup: rbac.authorization.k8s.io
	kind: ClusterRole
	name: system:node
	subjects:
	- apiGroup: rbac.authorization.k8s.io
	kind: User
	name: kubelet