Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Switch apiserver certificate to system:masters org
* A kubernetes apiserver should be authorized to make requests to kubelets using an admin role associated with system:masters * Kubelet defaults to AlwaysAllow so an apiserver that presented a valid certificate had all access to the Kubelet. With Webhook authorization, we're making that admin access explicit * Its important the apiserver be able to perform or proxy to kubelets for kubectl log, exec, port-forward, etc. * poseidon/typhoon#215
- Loading branch information