examples/podsecuritypolicy/rbac: fix names in comments and sync with examples repository.

examples/podsecuritypolicy/rbac/bindings.yaml

@@ -1,5 +1,5 @@
-# privilegedPSP gives the privilegedPSP role
+# privileged-psp-users gives the privileged-psp-user role
-# to the group privileged.
+# to the group privileged-psp-users.
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
@@ -13,8 +13,8 @@ roleRef:
    kind: ClusterRole
    name: privileged-psp-user
 ---
-# restrictedPSP grants the restrictedPSP role to
+# restricted-psp-users grants the restricted-psp-user role to
-# the groups restricted and privileged.
+# the groups restricted-psp-users and privileged-psp-users.
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
@@ -32,7 +32,7 @@ roleRef:
    name: restricted-psp-user
 ---
 # edit grants edit role to the groups
-# restricted and privileged.
+# restricted-psp-users and privileged-psp-users.
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:

examples/podsecuritypolicy/rbac/policies.yaml

@@ -16,6 +16,12 @@ spec:
   - '*'
   allowedCapabilities:
   - '*'
+  hostPID: true
+  hostIPC: true
+  hostNetwork: true
+  hostPorts:
+  - min: 1
+    max: 65536
 ---
 apiVersion: extensions/v1beta1
 kind: PodSecurityPolicy
@@ -38,4 +44,6 @@ spec:
   - 'configMap'
   - 'persistentVolumeClaim'
   - 'projected'
-
+  hostPID: false
+  hostIPC: false
+  hostNetwork: false

examples/podsecuritypolicy/rbac/roles.yaml

@@ -1,5 +1,4 @@
-# restrictedPSP grants access to use
+# restricted-psp-user grants access to use the restricted PSP.
-# the restricted PSP.
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
@@ -14,8 +13,7 @@ rules:
   verbs:
   - use
 ---
-# privilegedPSP grants access to use the privileged
+# privileged-psp-user grants access to use the privileged PSP.
-# PSP.
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata: