| # The Kubemark environment currently gives all kubelets a single shared credential. |
| # |
| # TODO: give each kubelet a credential in the system:nodes group with username system:node:<nodeName>, |
| # to exercise the Node authorizer and admission, then remove this binding |
| apiVersion: rbac.authorization.k8s.io/v1 |
| kind: ClusterRoleBinding |
| metadata: |
| name: kubelet-node |
| labels: |
| kubernetes.io/cluster-service: "true" |
| roleRef: |
| apiGroup: rbac.authorization.k8s.io |
| kind: ClusterRole |
| name: system:node |
| subjects: |
| - apiGroup: rbac.authorization.k8s.io |
| kind: User |
| name: kubelet |