You are viewing documentation for Kubernetes version: v1.22

Kubernetes v1.22 documentation is no longer actively maintained. The version you are currently viewing is a static snapshot. For up-to-date documentation, see the latest version.

Enforce Pod Security Standards by Configuring the Built-in Admission Controller

As of v1.22, Kubernetes provides a built-in admission controller to enforce the Pod Security Standards. You can configure this admission controller to set cluster-wide defaults and exemptions.

Before you begin

Your Kubernetes server must be at or later than version v1.22. To check the version, enter kubectl version.

In v1.22 the PodSecurity admission controller is an alpha feature, so it is off unless you turn it on: enable the PodSecurity feature gate on the kube-apiserver (--feature-gates=PodSecurity=true), add PodSecurity to --enable-admission-plugins, and pass the configuration file described below with --admission-control-config-file.

Configure the Admission Controller

Write an AdmissionConfiguration file such as the one below and point the kube-apiserver at it with --admission-control-config-file. The shipped defaults ("privileged" in every mode) enforce nothing: a pod created in a namespace that carries no pod-security.kubernetes.io/<mode> labels is admitted unchanged until you lower the defaults or label the namespace. Exempt usernames, RuntimeClasses and namespaces are skipped in all three modes (enforce, audit and warn), so keep the exemption lists narrow.

apiVersion: apiserver.config.k8s.io/v1
kind: AdmissionConfiguration
plugins:
- name: PodSecurity
  configuration:
    apiVersion: pod-security.admission.config.k8s.io/v1alpha1
    kind: PodSecurityConfiguration
    # Defaults applied when a mode label is not set.
    #
    # Level label values must be one of:
    # - "privileged" (default)
    # - "baseline"
    # - "restricted"
    #
    # Version label values must be one of:
    # - "latest" (default)
    # - specific version like "v1.22"
    defaults:
      enforce: "privileged"
      enforce-version: "latest"
      audit: "privileged"
      audit-version: "latest"
      warn: "privileged"
      warn-version: "latest"
    exemptions:
      # Array of authenticated usernames to exempt.
      usernames: []
      # Array of runtime class names to exempt.
      runtimeClasses: []
      # Array of namespaces to exempt.
      namespaces: []
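The following is an added example, not code from the Kubernetes project. It models how the defaults and exemptions stanzas above combine with a namespace's pod-security.kubernetes.io/<mode> labels to produce an admission decision, and contrasts the shipped all-"privileged" defaults with a hardened configuration (enforce baseline, audit and warn restricted, kube-system exempt). The baseline and restricted check lists are a small illustrative subset of the Pod Security Standards and the mode versions ("latest", "v1.22") are ignored; the sample pods, namespaces, usernames and the hardened configuration are all constructed for the example.

```python
"""Model of how PodSecurity admission combines cluster-wide defaults,
namespace labels and exemptions. Added example, not Kubernetes code.
The baseline/restricted checks are an illustrative subset (assumption)
and mode versions such as "latest" / "v1.22" are ignored (assumption).
"""
from dataclasses import dataclass, field

LEVELS = ("privileged", "baseline", "restricted")
MODES = ("enforce", "audit", "warn")
LABEL_PREFIX = "pod-security.kubernetes.io/"


@dataclass
class PodSecurityConfiguration:
    """Mirrors the defaults and exemptions stanzas of the admission config."""
    defaults: dict = field(default_factory=lambda: dict.fromkeys(MODES, "privileged"))
    usernames: set = field(default_factory=set)
    runtime_classes: set = field(default_factory=set)
    namespaces: set = field(default_factory=set)


def baseline_violations(pod):
    """Illustrative subset of baseline: no host namespaces, no privileged containers."""
    spec = pod.get("spec", {})
    v = [f"{f}=true" for f in ("hostNetwork", "hostPID", "hostIPC") if spec.get(f)]
    for c in spec.get("containers", []):
        if c.get("securityContext", {}).get("privileged"):
            v.append(f"container {c['name']}: privileged=true")
    return v


def restricted_violations(pod):
    """Illustrative subset of restricted; restricted includes every baseline check."""
    v = baseline_violations(pod)
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext", {})
    for c in spec.get("containers", []):
        sc = c.get("securityContext", {})
        if sc.get("allowPrivilegeEscalation", True):
            v.append(f"container {c['name']}: allowPrivilegeEscalation must be false")
        if "ALL" not in sc.get("capabilities", {}).get("drop", []):
            v.append(f"container {c['name']}: capabilities.drop must include ALL")
        if not (sc.get("runAsNonRoot") or pod_sc.get("runAsNonRoot")):
            v.append(f"container {c['name']}: runAsNonRoot must be true")
    return v


CHECKS = {"privileged": lambda pod: [],
          "baseline": baseline_violations,
          "restricted": restricted_violations}


def effective_level(config, ns_labels, mode):
    """The namespace label for the mode wins; the cluster default applies
    only when that label is absent."""
    level = ns_labels.get(LABEL_PREFIX + mode, config.defaults[mode])
    if level not in LEVELS:
        raise ValueError(f"invalid level {level!r} for mode {mode}")
    return level


def is_exempt(config, username, namespace, pod):
    """Exempt requests skip evaluation in all three modes."""
    rc = pod.get("spec", {}).get("runtimeClassName")
    return (username in config.usernames or namespace in config.namespaces
            or (rc is not None and rc in config.runtime_classes))


def admit(config, namespace, ns_labels, username, pod):
    """Return (allowed, details). Only enforce can reject the pod; audit and
    warn are still evaluated so the caller can annotate or warn."""
    if is_exempt(config, username, namespace, pod):
        return True, {"exempt": True}
    details = {}
    for mode in MODES:
        level = effective_level(config, ns_labels, mode)
        details[mode] = (level, CHECKS[level](pod))
    return not details["enforce"][1], details


# Constructed sample inputs (assumption): shipped defaults vs. a hardened
# configuration, and a privileged pod vs. a restricted-compliant one.
WEAK = PodSecurityConfiguration()
HARDENED = PodSecurityConfiguration(
    defaults={"enforce": "baseline", "audit": "restricted", "warn": "restricted"},
    namespaces={"kube-system"},
    usernames={"system:serviceaccount:cluster-ops:breakglass"})
PRIVILEGED_POD = {"metadata": {"name": "node-debug"},
                  "spec": {"hostNetwork": True,
                           "containers": [{"name": "shell", "image": "busybox",
                                           "securityContext": {"privileged": True}}]}}
COMPLIANT_POD = {"metadata": {"name": "web"},
                 "spec": {"securityContext": {"runAsNonRoot": True},
                          "containers": [{"name": "app", "image": "nginx",
                                          "securityContext": {
                                              "allowPrivilegeEscalation": False,
                                              "capabilities": {"drop": ["ALL"]}}}]}}

if __name__ == "__main__":
    for cfg_name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        for ns, labels in (("default", {}), ("kube-system", {}),
                           ("sandbox", {LABEL_PREFIX + "enforce": "privileged"})):
            ok, d = admit(cfg, ns, labels, "alice", PRIVILEGED_POD)
            print(f"{cfg_name:8} {ns:12} -> {'allowed' if ok else 'denied'} {d}")
```

Running it shows the point of the configuration: under WEAK the privileged pod is admitted everywhere with no findings; under HARDENED it is denied in an unlabeled namespace, admitted silently in kube-system because of the namespace exemption, and admitted in sandbox only because that namespace's enforce label overrides the cluster default, while the restricted-level warn and audit findings still surface.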
