From 4581ce5dcfa7998aafa112279ed4823b33dff417 Mon Sep 17 00:00:00 2001
From: Billy Tat
Date: Mon, 31 May 2021 18:22:21 +0000
Subject: [PATCH] Add clusterRole and binding to use restricted psp to versioned docs
---
 .../rancher-2.5/1.6-hardening-2.5/_index.md | 30 +++++++++++++++++++
 1 file changed, 30 insertions(+)
diff --git a/content/rancher/v2.5/en/security/rancher-2.5/1.6-hardening-2.5/_index.md b/content/rancher/v2.5/en/security/rancher-2.5/1.6-hardening-2.5/_index.md
index 59588fa422c..b504be806e5 100644
--- a/content/rancher/v2.5/en/security/rancher-2.5/1.6-hardening-2.5/_index.md
+++ b/content/rancher/v2.5/en/security/rancher-2.5/1.6-hardening-2.5/_index.md
@@ -286,6 +286,36 @@ addons: |
 - configMap
 - projected
 ---
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRole
+ metadata:
+ name: psp:restricted
+ rules:
+ - apiGroups:
+ - extensions
+ resourceNames:
+ - restricted
+ resources:
+ - podsecuritypolicies
+ verbs:
+ - use
+ ---
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRoleBinding
+ metadata:
+ name: psp:restricted
+ roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: psp:restricted
+ subjects:
+ - apiGroup: rbac.authorization.k8s.io
+ kind: Group
+ name: system:serviceaccounts
+ - apiGroup: rbac.authorization.k8s.io
+ kind: Group
+ name: system:authenticated
+ ---
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
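Review bot: The new `psp:restricted` ClusterRole authorizes `use` only in the legacy `extensions` API group, while PodSecurityPolicy is served from `policy` and the upstream Kubernetes RBAC examples grant `use` there, so I would list both under `apiGroups`: `- extensions` followed by `- policy`. Whether the admission plugin still honours an `extensions`-only rule on the Kubernetes versions this guide targets is worth confirming before readers rely on it. The `resourceNames` entry `restricted` has to match the PodSecurityPolicy defined earlier in the `addons` block, which starts outside this hunk. In the binding, `system:serviceaccounts` looks redundant because service accounts are also members of `system:authenticated`; a short comment above `subjects:` such as `# grants every authenticated identity use of the restricted PSP; more permissive PSPs bound elsewhere still apply` would make the intent and its limit clear.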