| apiVersion: rbac.authorization.k8s.io/v1 |
| kind: RoleBinding |
| metadata: |
| name: gce:podsecuritypolicy:unprivileged-addon |
| namespace: kube-system |
| labels: |
| addonmanager.kubernetes.io/mode: Reconcile |
| kubernetes.io/cluster-service: "true" |
| roleRef: |
| apiGroup: rbac.authorization.k8s.io |
| kind: Role |
| name: gce:podsecuritypolicy:unprivileged-addon |
| subjects: |
| - kind: Group |
| # All service accounts in the kube-system namespace are allowed to use this. |
| name: system:serviceaccounts:kube-system |
| apiGroup: rbac.authorization.k8s.io |