A set of RBAC resources to enforce the restricted psp across all service accounts

restricted-psp-rbac.yaml

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: restricted-cluster-role
rules:
- apiGroups:
  - policy
  resourceNames:
  - restricted-psp
  resources:
  - podsecuritypolicies
  verbs:
  - use
  ---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: restricted-cluster-role-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: restricted-cluster-role
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: Group
  name: system:serviceaccounts