Tanzu Kubernetes clusters require pod security policy (PSP) to deploy workloads. If you define your own PSP, you must create a Role or ClusterRole that references the PSP.
Example Role for PodSecurityPolicy
The following example demonstrates a Role bound to PodSecurityPolicy. In the role definition, example-role is granted the use verb on a custom PSP resource that you define. Alternatively, use one of the default PSPs. Then, create a binding.
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
  name: example-role
  namespace: tkgs-cluster-ns
rules:
- apiGroups:
  - ""
  resources:
  - configmaps
  verbs:
  - create
  - get
  - list
  - watch
  - update
- apiGroups:
  - ""
  resources:
  - events
  verbs:
  - create
  - update
  - patch
- apiGroups:
  - extensions
  resourceNames:
  - CUSTOM-OR-DEFAULT-PSP
  resources:
  - podsecuritypolicies
  verbs:
  - use
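The binding step mentioned above, as an added example that is not part of the original page. The names example-rolebinding and example-sa are hypothetical; the binding grants example-role to a single service account rather than to every authenticated user.

```yaml
# Added example: binds example-role (defined above) to one service account.
# example-rolebinding and example-sa are hypothetical names.
apiVersion: rbac.authorization.k8s.io/v1   # GA RBAC API version
kind: RoleBinding
metadata:
  name: example-rolebinding
  namespace: tkgs-cluster-ns        # must match the Role's namespace
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: example-role
subjects:
# Least privilege: name the single service account that runs the workload.
- kind: ServiceAccount
  name: example-sa
  namespace: tkgs-cluster-ns
# To cover every service account in the namespace instead, replace the
# subject above with this group:
# - kind: Group
#   apiGroup: rbac.authorization.k8s.io
#   name: system:serviceaccounts:tkgs-cluster-ns
```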