vendor/k8s.io/kubernetes/cluster/gce/addons/podsecuritypolicies/node-binding.yaml - cloudstack-kubernetes-provider - Git at Google

 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
   name: gce:podsecuritypolicy:nodes
   namespace: kube-system
   annotations:
     kubernetes.io/description: 'Allow nodes to create privileged pods. Should
       be used in combination with the NodeRestriction admission plugin to limit
       nodes to mirror pods bound to themselves.'
   labels:
     addonmanager.kubernetes.io/mode: Reconcile
     kubernetes.io/cluster-service: 'true'
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
   name: gce:podsecuritypolicy:privileged
 subjects:
   - kind: Group
     apiGroup: rbac.authorization.k8s.io
     name: system:nodes
   - kind: User
     apiGroup: rbac.authorization.k8s.io
     # Legacy node ID
     name: kubelet
	apiVersion: rbac.authorization.k8s.io/v1
	kind: RoleBinding
	metadata:
	name: gce:podsecuritypolicy:nodes
	namespace: kube-system
	annotations:
	kubernetes.io/description: 'Allow nodes to create privileged pods. Should
	be used in combination with the NodeRestriction admission plugin to limit
	nodes to mirror pods bound to themselves.'
	labels:
	addonmanager.kubernetes.io/mode: Reconcile
	kubernetes.io/cluster-service: 'true'
	roleRef:
	apiGroup: rbac.authorization.k8s.io
	kind: ClusterRole
	name: gce:podsecuritypolicy:privileged
	subjects:
	- kind: Group
	apiGroup: rbac.authorization.k8s.io
	name: system:nodes
	- kind: User
	apiGroup: rbac.authorization.k8s.io
	# Legacy node ID
	name: kubelet