Brand new on-prem cluster with PSPs enabled. The cluster was created from a template with the following relevant parameters set.
Pod Security Policy Support = true
Default Pod Security Policy = restricted
I’m expecting to see a clusterrolebinding similar to the one below created. To try to trigger the creation of this clusterrolebinding, I have created a project with restricted PSPs, and added a namespace to the project as well.
I do have a clusterrole that allows the restricted PSP to be used, but no clusterrolebinding. When should this clusterrolebinding be created?
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: restricted-role-bind
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: restricted-clusterrole
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: Group
  name: system:serviceaccounts