If RBAC is enabled in your cluster, you might get the following error when trying to create a Defender DaemonSet.

Error creating: pods "twistlock-defender-ds-" is forbidden: unable to validate against any pod security policy ..Privileged containers are not allowed

If you get this error, then you must create a Role and RoleBinding so that Defender can run with the privileges it needs. Create a Role and RoleBinding for the twistlock namespace. You can use the following example Role and RoleBinding:

Role
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: twistlock-role
  namespace: twistlock
rules:
- apiGroups:
  - extensions
  resourceNames:
  - privileged
  resources:
  - podsecuritypolicies
  verbs:
  - use
RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: twistlock-rolebinding
  namespace: twistlock
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: twistlock-role
subjects:
- kind: ServiceAccount
  name: twistlock-service
  namespace: twistlock