No Clusterrolebinding for Restricted PSP

smitphilip · March 17, 2021, 1:09pm

Brand new on-prem cluster with PSP’s enabled. The cluster was created from a template with the following relevant parameters set.
Pod Security Policy Support = true
Default Pod Security Policy = restricted

I’m expecting to see a clusterrolebinding similar to the below created. To try and trigger the creation of this clusterrolebinding, I have created a project with restricted PSPs, and added a namespace to the project as well.

I do have a clusterrole that allows the restricted PSP to be used, however no clusterrolebinding. When should this clusterrolebinding be created?

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: restricted-role-bind
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: restricted-clusterrole
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: Group
  name: system:serviceaccounts

Topic		Replies	Views
Creating EKS cluster with default settings Rancher 2.x	0	863	March 15, 2019
Group permissions on cluster level with active directory Rancher 2.x	3	2219	July 3, 2018
Error when enabling Pod Security Policy Support Rancher 2.x	0	332	August 26, 2020
RBAC question regarding role inheritance Rancher 2.x	1	1244	July 2, 2019
Rancher Permision set	0	66	January 26, 2024

No Clusterrolebinding for Restricted PSP

Related Topics