Kubernetes
Pod Security Admission Reference
Search Pod Security Admission profiles (privileged, baseline, restricted), enforcement modes, and restrictions. Covers migration from Pod Security Policy.
No data is transmitted — everything runs locallyTool
About this tool
Pod Security Admission Reference
The Pod Security Admission Reference covers privileged, baseline, and restricted profiles, enforce/audit/warn enforcement modes, and Pod Security Policy migration guidance.
• Look up what the baseline PSA profile restricts before applying to a namespace
• Find which PSA profile allows a specific container capability
• Reference enforcement mode differences before configuring a namespace
• Plan Pod Security Policy migration to Pod Security Admission
Next step
Init Container Overhead Calculator — Calculate pod resource requests accounting for init container overhead and sequential startup.
Open Init Container Overhead Calculator →
FAQ
What does this tool tell you?
The Pod Security Admission Reference covers privileged, baseline, and restricted profiles, enforce/audit/warn enforcement modes, and Pod Security Policy migration guidance.
What affects the result most?
Pod Security Admission (PSA): replaced Pod Security Policy in 1.25 — namespace-label based enforcement. Three built-in profiles: privileged (unrestricted), baseline (prevents known privesc), restricted (hardened). Enforcement modes: enforce (reject), audit (log), warn (warn but allow) — can combine per namespace.
How should I use the result?
Use this tool to orient quickly to the concepts, field names, or values you are about to look up in a full specification or vendor documentation. It summarizes the common cases; the authoritative source remains whichever standard or vendor doc defines the values themselves.