Security Admission Control - Motivatio n + https://github.com/kubernetes/enhancements/tree/master/keps/sig-auth/2579-psp-replacement#motivation + PodSecurityPolicy Deprecation: Past, Present, and Futur e + https://kubernetes.io/blog/2021/04/06/podsecuritypolicy-deprecation-past-present-and-future/#why-is-podsecuritypolicy-going-away It is easy to accidentally grant broader permissions than intended, and dif fi cult to inspect which PSP(s) apply in a given situation. The “changing Pod defaults” feature can be handy, but is only supported for certain Pod settings and it’s not obvious when they will or will not apply to your Pod . Without a “dry run” or audit mode, it’s impractical to retro fi t PSP to existing clusters safely, and it’s impossible for PSP to ever be enabled by default. [PodSecurityPolicy Deprecation: Past, Present, and FutureΑΓҾ༻]