Support RBAC by default with kube-dns addon

[jstangroome]

A step toward #1722

Kubernetes already pre-defines a ClusterRoleBinding system:kube-dns which gives the kube-dns ServiceAccount the required rules to operate in a cluster with RBAC enabled, i.e.:

$ kubectl get clusterrole -n kube-system system:kube-dns -o yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
  name: system:kube-dns
rules:
- apiGroups:
  - ""
  resources:
  - endpoints
  - services
  verbs:
  - list
  - watch

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: jstangroome
To fully approve this pull request, please assign additional approvers.
We suggest the following additional approver: dlorenc

Assign the PR to them by writing /assign @dlorenc in a comment when ready.

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[minikube-bot]

Can one of the admins verify this patch?

[jstangroome]

/assign @dlorenc

[dlorenc]

@minikube-bot ok to test

[Jokero]

@jstangroome Builds failed?)

[jstangroome]

I've built minikube locally on a Ubuntu 18.04 machine with Golang 1.10 and run minikube start --vm-driver=none as per one of the failing test runs on this PR. The kube-dns Pod runs successfully, as the kube-dns Service Account, without any restarts. The logs for all the containers in the kube-dns Pod all look clean.

I cannot grok the reason for failure from the logs of the test runs linked in this PR discussion. I'm happy to dig further if anyone can provide some direction.

cc @Jokero

[dlorenc]

I think this is obsolete with the kubeadm bootstrapper.