vendor/k8s.io/kubernetes/cluster/gce/addons/podsecuritypolicies/persistent-volume-binder-role.yaml - cloudstack-kubernetes-provider - Git at Google

 apiVersion: rbac.authorization.k8s.io/v1
 # The persistent volume binder creates recycler pods in the default namespace,
 # but the addon manager only creates namespaced objects in the kube-system
 # namespace, so this is a ClusterRole.
 kind: ClusterRole
 metadata:
   name: gce:podsecuritypolicy:persistent-volume-binder
   namespace: default
   labels:
     kubernetes.io/cluster-service: "true"
     addonmanager.kubernetes.io/mode: Reconcile
 rules:
 - apiGroups:
   - policy
   resourceNames:
   - gce.persistent-volume-binder
   resources:
   - podsecuritypolicies
   verbs:
   - use
	apiVersion: rbac.authorization.k8s.io/v1
	# The persistent volume binder creates recycler pods in the default namespace,
	# but the addon manager only creates namespaced objects in the kube-system
	# namespace, so this is a ClusterRole.
	kind: ClusterRole
	metadata:
	name: gce:podsecuritypolicy:persistent-volume-binder
	namespace: default
	labels:
	kubernetes.io/cluster-service: "true"
	addonmanager.kubernetes.io/mode: Reconcile
	rules:
	- apiGroups:
	- policy
	resourceNames:
	- gce.persistent-volume-binder
	resources:
	- podsecuritypolicies
	verbs:
	- use