Multiple role bindings end up added to a bootstrap namespace node policy?

[smarterclayton]

From my PR, adding a new namespace role:

$ oc get rolebindings -n openshift-node
NAME                        ROLE                         USERS     GROUPS                                                   SERVICE ACCOUNTS   SUBJECTS
system:node-config-reader   /system:node-config-reader             system:nodes, system:nodes, system:nodes, system:nodes

restart apiserver

$ oc get rolebindings -n openshift-node
NAME                        ROLE                         USERS     GROUPS                                                                 SERVICE ACCOUNTS   SUBJECTS
system:node-config-reader   /system:node-config-reader             system:nodes, system:nodes, system:nodes, system:nodes, system:nodes

Looks like its happening for others:

openshift         shared-resource-viewers                          openshift/shared-resource-viewer                                       system:authenticated, system:authenticated, system:authenticated, system:authenticated, system:authenticated

[smarterclayton]

@enj related to your changes?

[enj]

@smarterclayton kubernetes/kubernetes#53239

[enj]

Added to 3.7 pick list #16361 so this should be closed once that is done.

[enj]

@liggitt was closing this intentional?