| apiVersion: rbac.authorization.k8s.io/v1 |
| kind: RoleBinding |
| metadata: |
| name: gce:podsecuritypolicy:nodes |
| namespace: kube-system |
| annotations: |
| kubernetes.io/description: 'Allow nodes to create privileged pods. Should |
| be used in combination with the NodeRestriction admission plugin to limit |
| nodes to mirror pods bound to themselves.' |
| labels: |
| addonmanager.kubernetes.io/mode: Reconcile |
| kubernetes.io/cluster-service: 'true' |
| roleRef: |
| apiGroup: rbac.authorization.k8s.io |
| kind: ClusterRole |
| name: gce:podsecuritypolicy:privileged |
| subjects: |
| - kind: Group |
| apiGroup: rbac.authorization.k8s.io |
| name: system:nodes |
| - kind: User |
| apiGroup: rbac.authorization.k8s.io |
| # Legacy node ID |
| name: kubelet |