kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: contiv-netplugin namespace: kube-system rules: - apiGroups: - "" - extensions resources: - endpoints - nodes - namespaces - networkpolicies - pods - services verbs: - watch - list - update - get - apiGroups: - policy resourceNames: - privileged resources: - podsecuritypolicies verbs: - use