kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: name: contiv-netmaster namespace: kube-system rules: - apiGroups: - "" - extensions resources: - pods - nodes - namespaces - networkpolicies verbs: - get - watch - list - update - apiGroups: - policy resourceNames: - privileged resources: - podsecuritypolicies verbs: - use