ec434662bd
Automatic merge from submit-queue (batch tested with PRs 64503, 64903, 64643, 64987). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Create system:cluster-autoscaler account & role and introduce it to C… **What this PR does / why we need it**: This PR adds cluster-autoscaler ClusterRole & binding, to be used by the Cluster Autoscaler (kubernetes/autoscaler repository). It also updates GCE scripts to make CA use the cluster-autoscaler user account. User account instead of Service account is chosen to be more in line with kube-scheduler. **Which issue(s) this PR fixes**: Fixes [issue 383](https://github.com/kubernetes/autoscaler/issues/383) from kubernetes/autoscaler. **Special notes for your reviewer**: This PR might be treated as a security fix since prior to it CA on GCE was using system:cluster-admin account, assumed due to default handling of unsecured & unauthenticated traffic over plain HTTP. **Release note**: ```release-note A cluster-autoscaler ClusterRole is added to cover only the functionality required by Cluster Autoscaler and avoid abusing system:cluster-admin role. action required: Cloud providers other than GCE might want to update their deployments or sample yaml files to reuse the role created via add-on. ```
Container-VM Image
Container-VM Image is a container-optimized OS image for the Google Cloud Platform (GCP). It is primarily for running Google services on GCP. Unlike the open preview version of container-vm, the new Container-VM Image is based on the open source ChromiumOS project, allowing us greater control over the build management, security compliance, and customizations for GCP.