Kubernetes
Pod Security Admission Reference
Search Pod Security Admission profiles (privileged, baseline, restricted), enforcement modes, and restrictions. Covers migration from Pod Security Policy.
Calculations run locally in your browserTool
About this tool
Pod Security Admission Reference
The Pod Security Admission Reference covers privileged, baseline, and restricted profiles, enforce/audit/warn enforcement modes, and Pod Security Policy migration guidance.
• Look up what the baseline PSA profile restricts before applying to a namespace
• Find which PSA profile allows a specific container capability
• Reference enforcement mode differences before configuring a namespace
• Plan Pod Security Policy migration to Pod Security Admission
Next step
Init Container Overhead Calculator — Calculate pod resource requests accounting for init container overhead and sequential startup.
Open Init Container Overhead Calculator →
FAQ
What does this tool tell you?
The Pod Security Admission Reference covers privileged, baseline, and restricted profiles, enforce/audit/warn enforcement modes, and Pod Security Policy migration guidance.
What affects the result most?
Pod Security Admission (PSA): replaced Pod Security Policy in 1.25 — namespace-label based enforcement. Three built-in profiles: privileged (unrestricted), baseline (prevents known privesc), restricted (hardened). Enforcement modes: enforce (reject), audit (log), warn (warn but allow) — can combine per namespace.
How should I use the result?
Use this tool to orient quickly to the concepts, field names, or values you are about to look up in a full specification or vendor documentation. It summarizes the common cases; the authoritative source remains whichever standard or vendor doc defines the values themselves.