mirror of https://github.com/k3s-io/k3s
25 lines
742 B
YAML
25 lines
742 B
YAML
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: RoleBinding
|
|
metadata:
|
|
name: gce:podsecuritypolicy:nodes
|
|
namespace: kube-system
|
|
annotations:
|
|
kubernetes.io/description: 'Allow nodes to create privileged pods. Should
|
|
be used in combination with the NodeRestriction admission plugin to limit
|
|
nodes to mirror pods bound to themselves.'
|
|
labels:
|
|
addonmanager.kubernetes.io/mode: Reconcile
|
|
kubernetes.io/cluster-service: 'true'
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: ClusterRole
|
|
name: gce:podsecuritypolicy:privileged
|
|
subjects:
|
|
- kind: Group
|
|
apiGroup: rbac.authorization.k8s.io
|
|
name: system:nodes
|
|
- kind: User
|
|
apiGroup: rbac.authorization.k8s.io
|
|
# Legacy node ID
|
|
name: kubelet
|