From b0ab92c9216b54a71a42ee772a0812d2fba52889 Mon Sep 17 00:00:00 2001
From: chadswen <chadswen@gmail.com>
Date: Thu, 8 Mar 2018 23:56:46 -0600
Subject: [PATCH] Prefix system:node CRB

Change the name of `system:node` CRB to `kubespray:system:node` to avoid
conflicts with the auto-reconciled CRB also named `system:node`

Fixes #2121
---
 roles/kubernetes-apps/cluster_roles/tasks/main.yml            | 2 +-
 roles/kubernetes-apps/cluster_roles/templates/node-crb.yml.j2 | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/roles/kubernetes-apps/cluster_roles/tasks/main.yml b/roles/kubernetes-apps/cluster_roles/tasks/main.yml
index b58670c0f..3f696a9fe 100644
--- a/roles/kubernetes-apps/cluster_roles/tasks/main.yml
+++ b/roles/kubernetes-apps/cluster_roles/tasks/main.yml
@@ -20,7 +20,7 @@
 
 - name: Apply workaround to allow all nodes with cert O=system:nodes to register
   kube:
-    name: "system:node"
+    name: "kubespray:system:node"
     kubectl: "{{bin_dir}}/kubectl"
     resource: "clusterrolebinding"
     filename: "{{ kube_config_dir }}/node-crb.yml"
diff --git a/roles/kubernetes-apps/cluster_roles/templates/node-crb.yml.j2 b/roles/kubernetes-apps/cluster_roles/templates/node-crb.yml.j2
index 98e82dff7..9a4a3c46e 100644
--- a/roles/kubernetes-apps/cluster_roles/templates/node-crb.yml.j2
+++ b/roles/kubernetes-apps/cluster_roles/templates/node-crb.yml.j2
@@ -6,7 +6,7 @@ metadata:
     rbac.authorization.kubernetes.io/autoupdate: "true"
   labels:
     kubernetes.io/bootstrapping: rbac-defaults
-  name: system:node
+  name: kubespray:system:node
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole