e4a4fe4a89
Automatic merge from submit-queue (batch tested with PRs 40297, 41285, 41211, 41243, 39735) Secure kube-scheduler This PR: * Adds a bootstrap `system:kube-scheduler` clusterrole * Adds a bootstrap clusterrolebinding to the `system:kube-scheduler` user * Sets up a kubeconfig for kube-scheduler on GCE (following the controller-manager pattern) * Switches kube-scheduler to running with kubeconfig against secured port (salt changes, beware) * Removes superuser permissions from kube-scheduler in local-up-cluster.sh * Adds detailed RBAC deny logging ```release-note On kube-up.sh clusters on GCE, kube-scheduler now contacts the API on the secured port. ``` |
||
|---|---|---|
| .. | ||
| cmd/kube-scheduler | ||
| pkg | ||
| BUILD | ||
| OWNERS | ||