No Clusterrolebinding for Restricted PSP

Brand new on-prem cluster with PSP’s enabled. The cluster was created from a template with the following relevant parameters set.
Pod Security Policy Support = true
Default Pod Security Policy = restricted

I’m expecting to see a clusterrolebinding similar to the below created. To try and trigger the creation of this clusterrolebinding, I have created a project with restricted PSPs, and added a namespace to the project as well.

I do have a clusterrole that allows the restricted PSP to be used, however no clusterrolebinding. When should this clusterrolebinding be created?

kind: ClusterRoleBinding
  name: restricted-role-bind
  kind: ClusterRole
  name: restricted-clusterrole
- apiGroup:
  kind: Group
  name: system:serviceaccounts