Inferensys

Glossary

Pod Security Admission

A built-in Kubernetes admission controller that enforces predefined security levels on pods at creation time, preventing the deployment of privileged or overly permissive agent containers.
Developer demonstrating multi-agent tool use, agent tool selection interface on laptop, casual tech demo moment.
KUBERNETES NATIVE SECURITY

What is Pod Security Admission?

Pod Security Admission (PSA) is a built-in Kubernetes admission controller that enforces predefined, configurable security standards on pods at creation time, replacing the deprecated PodSecurityPolicy.

Pod Security Admission is a built-in Kubernetes admission controller that enforces predefined security levels on pods at creation time. It intercepts pod creation requests and validates their security context against a configured standard—privileged, baseline, or restricted—preventing the deployment of overly permissive or insecure agent containers.

PSA operates by applying namespace labels to define the desired security posture, eliminating the complexity of the deprecated PodSecurityPolicy. The restricted level, for example, mandates that containers run as non-root, drop all capabilities, and disable host namespace sharing, directly enforcing least privilege execution for autonomous agent workloads.

KUBERNETES SECURITY

Pod Security Admission Levels

Pod Security Admission (PSA) defines three distinct policy levels that control the security posture of pods at creation time, replacing the deprecated PodSecurityPolicy (PSP) with a built-in, label-driven admission controller.

01

Privileged

The privileged level is a completely unrestricted policy that allows all known privilege escalations. It is intended for trusted, system-level workloads managed by administrators.

  • Permits host namespaces (network, PID, IPC)
  • Allows privileged containers with full capabilities
  • Accepts hostPath volumes and unrestricted sysctls
  • Suitable for logging daemons, CNI plugins, and node agents

This level provides no security restrictions and should never be used for multi-tenant or untrusted workloads.

Unrestricted
Security Posture
02

Baseline

The baseline level prevents known privilege escalations while allowing the default, minimally specified pod configuration. It is the recommended minimum for most application workloads.

  • Blocks host namespaces and hostPath volumes
  • Prohibits privileged containers and CAP_SYS_ADMIN
  • Restricts hostPort ranges and /proc mount types
  • Allows standard volume types (configMap, secret, emptyDir)

Baseline targets the easiest-to-exploit privilege escalations while maintaining broad compatibility with existing deployments.

03

Restricted

The restricted level enforces the current best practices for pod hardening, following the Pod Security Standards at the cost of some compatibility. It is required for true multi-tenant environments.

  • Requires runAsNonRoot: true and drops all capabilities
  • Mandates seccomp profiles (RuntimeDefault or localhost)
  • Restricts volume types to projected, downwardAPI, and ephemeral only
  • Enforces allowPrivilegeEscalation: false

This level aligns with the restricted Pod Security Standard and is the target for zero-trust cluster architectures.

Zero-Trust
Security Model
04

Namespace Label Enforcement

PSA policies are enforced at the namespace level using well-known labels, providing a declarative model that does not require modifying admission webhook configurations.

  • pod-security.kubernetes.io/enforce: Blocks non-compliant pods
  • pod-security.kubernetes.io/audit: Logs violations without blocking
  • pod-security.kubernetes.io/warn: Returns warnings to the user

Each label accepts a level value (privileged, baseline, restricted) and an optional version (e.g., v1.29) to lock policy definitions to a specific Kubernetes release.

05

Exemption Mechanism

PSA supports fine-grained exemptions for specific users, namespaces, or runtime classes that must bypass policy enforcement. This is critical for infrastructure components.

  • Usernames: Exempt specific service account identities
  • RuntimeClasses: Exempt pods using a particular container runtime
  • Namespaces: Exempt entire namespaces by name

Exemptions are configured in the Pod Security Admission controller configuration and should be audited regularly to prevent privilege creep in system namespaces like kube-system.

06

Migration from PSP

Pod Security Admission replaces the deprecated PodSecurityPolicy (PSP) with a simpler, label-based model that does not require creating and binding complex policy objects.

  • PSPs were mutating; PSA is purely validating
  • PSA policies map directly to the Pod Security Standards
  • Use kubectl label to apply policies instead of RBAC bindings
  • The kubectl dry-run server flag (--dry-run=server) validates pods against PSA before submission

Migration tools like the PSP Migrator can analyze existing PSPs and generate equivalent namespace labels automatically.

POD SECURITY ADMISSION

Frequently Asked Questions

Clear, technical answers to the most common questions about enforcing Pod Security Standards natively in Kubernetes to secure autonomous agent workloads.

Pod Security Admission (PSA) is a built-in Kubernetes admission controller that enforces predefined Pod Security Standards on pods at creation time. It replaces the deprecated PodSecurityPolicy (PSP) by intercepting API server requests to create or update pods and validating their security context against one of three policy levels: privileged, baseline, or restricted. PSA operates at the namespace level using simple labels, such as pod-security.kubernetes.io/enforce: restricted, to define the desired policy. When a pod specification violates the enforced standard—for example, by requesting hostNetwork: true in a restricted namespace—the API server rejects the request with a clear error message before the pod is ever scheduled. This in-process enforcement mechanism eliminates the need for external webhooks, reducing latency and operational complexity while providing a consistent, native security barrier for agent containers.

SECURITY CONTROL COMPARISON

Pod Security Admission vs. Other Kubernetes Security Controls

A feature-level comparison of Pod Security Admission against Pod Security Policies, OPA/Gatekeeper, and Kyverno for enforcing pod security standards in Kubernetes clusters.

FeaturePod Security AdmissionPod Security PoliciesOPA/GatekeeperKyverno

Built-in to Kubernetes

Enforcement point

Admission controller

Admission controller

Admission controller

Admission controller

Policy definition format

Predefined PSA labels

Custom PodSecurityPolicy objects

Rego policy language

Kubernetes-native YAML policies

Granularity of control

3 predefined levels (Privileged, Baseline, Restricted)

Fine-grained per-capability control

Arbitrary custom rules

Arbitrary custom rules

Mutating admission support

Namespace-level enforcement

Exemption mechanism

Namespace labels with warnings

RBAC-based authorization

Exclusion by namespace or object labels

Exclusion by namespace or object selectors

Current support status

GA since Kubernetes 1.25

Removed in Kubernetes 1.25

CNCF graduated project

CNCF incubating project

Prasad Kumkar

About the author

Prasad Kumkar

CEO & MD, Inference Systems

Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.

His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.