github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-10-21 22:49:31 +00:00
Code Issues Projects Releases Wiki Activity

Remove default binding of system:node role to system:nodes group

Browse Source
This commit is contained in:
Jordan Liggitt
2017-07-26 09:55:01 -04:00
parent 0940a25440
commit d65610bf2f
5 changed files with 8 additions and 59 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
pkg/kubeapiserver/authorizer/config.go
View File

@@ -115,9 +115,6 @@ func (config AuthorizationConfig) New() (authorizer.Authorizer, error) {
nodeAuthorizer := node.NewAuthorizer(graph, nodeidentifier.NewDefaultNodeIdentifier(), bootstrappolicy.NodeRules())
authorizers = append(authorizers, nodeAuthorizer)
// Don't bind system:nodes to the system:node role
bootstrappolicy.AddClusterRoleBindingFilter(bootstrappolicy.OmitNodesGroupBinding)
case modes.ModeAlwaysAllow:
authorizers = append(authorizers, authorizerfactory.NewAlwaysAllowAuthorizer())
case modes.ModeAlwaysDeny: