e4a4fe4a89
Automatic merge from submit-queue (batch tested with PRs 40297, 41285, 41211, 41243, 39735) Secure kube-scheduler This PR: * Adds a bootstrap `system:kube-scheduler` clusterrole * Adds a bootstrap clusterrolebinding to the `system:kube-scheduler` user * Sets up a kubeconfig for kube-scheduler on GCE (following the controller-manager pattern) * Switches kube-scheduler to running with kubeconfig against secured port (salt changes, beware) * Removes superuser permissions from kube-scheduler in local-up-cluster.sh * Adds detailed RBAC deny logging ```release-note On kube-up.sh clusters on GCE, kube-scheduler now contacts the API on the secured port. ``` |
||
|---|---|---|
| .. | ||
| gce | ||
| resources | ||
| skeleton | ||
| BUILD | ||
| cloud-provider-config.sh | ||
| common.sh | ||
| configure-kubectl.sh | ||
| get-real-pod-for-hollow-node.sh | ||
| OWNERS | ||
| run-e2e-tests.sh | ||
| start-kubemark.sh | ||
| stop-kubemark.sh | ||