guliujian/gist:0ac0d07540f614f0a47f443436884a66

## gistfile1.txt
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: use-kube-system-psp
rules:
- apiGroups: ['policy']
  resources: ['podsecuritypolicies']
  verbs:     ['use']
  resourceNames:
  - kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: restricted-role-bind
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: use-kube-system-psp
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: Group
  name: system:serviceaccounts:kube-system
	apiVersion: rbac.authorization.k8s.io/v1
	kind: ClusterRole
	metadata:
	name: use-kube-system-psp
	rules:
	- apiGroups: ['policy']
	resources: ['podsecuritypolicies']
	verbs: ['use']
	resourceNames:
	- kube-system
	---
	apiVersion: rbac.authorization.k8s.io/v1
	kind: ClusterRoleBinding
	metadata:
	name: restricted-role-bind
	roleRef:
	apiGroup: rbac.authorization.k8s.io
	kind: ClusterRole
	name: use-kube-system-psp
	subjects:
	- apiGroup: rbac.authorization.k8s.io
	kind: Group
	name: system:serviceaccounts:kube-system