let examples be clusterroles

charts/postgres-operator/templates/clusterrole-postgres-pod.yaml

@@ -1,6 +1,6 @@
 {{ if .Values.rbac.create }}
 apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
+kind: ClusterRole
 metadata:
   name: {{ include "postgres-pod.serviceAccountName" . }}
   labels:

manifests/operator-service-account-rbac.yaml

@@ -230,7 +230,7 @@ subjects:
 
 ---
 apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
+kind: ClusterRole
 metadata:
   name: postgres-pod
 rules:

pkg/controller/controller.go

@@ -305,20 +305,6 @@ func (c *Controller) initRole() {
 		            "verbs": [
 		                "create"
 		            ]
-		        },
-		        {
-		            "apiGroups": [
-		                "extensions"
-		            ],
-		            "resources": [
-		                "podsecuritypolicies"
-		            ],
-		            "resourceNames": [
-		                "privileged"
-		            ],
-		            "verbs": [
-		                "use"
-		            ]
 		        }
 		    ]
 		}`, c.PodServiceAccount.Name)