apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
creationTimestamp: 2018-08-13T11:34:52Z
name: psp:rootprivileged
namespace: default
resourceVersion: "263399"
selfLink: /apis/rbac.authorization.k8s.io/v1/namespaces/default/roles/psp%3Arootprivileged
uid: e512c27b-9eec-11e8-9bfa-0cc47ab1f848
rules:
- apiGroups:
- extensions
resourceNames:
- permit-root
resources:
- podsecuritypolicies
verbs:
- use
# kubectl get psp permit-root -o yaml
apiVersion: extensions/v1beta1
kind: PodSecurityPolicy
metadata:
creationTimestamp: 2018-08-13T11:23:04Z
name: permit-root
resourceVersion: "264016"
selfLink: /apis/extensions/v1beta1/podsecuritypolicies/permit-root
uid: 3eaf6f3e-9eeb-11e8-9bfa-0cc47ab1f848
spec:
allowPrivilegeEscalation: true
allowedCapabilities:
- '*'
fsGroup:
rule: RunAsAny
readOnlyRootFilesystem: true
runAsUser:
rule: RunAsAny
seLinux:
rule: RunAsAny
supplementalGroups:
rule: RunAsAny
volumes:
- '*'
- kubectl create rolebinding default:psp:root --role=psp:rootprivileged --serviceaccount=default:default