Enforce Pod Security Standards by Configuring the Built-in Admission Controller

    Configure the Admission Controller

    1. apiVersion: apiserver.config.k8s.io/v1
    2. kind: AdmissionConfiguration
    3. plugins:
    4. - name: PodSecurity
    5.   configuration:
    6.     apiVersion: pod-security.admission.config.k8s.io/v1alpha1
    7.     # Defaults applied when a mode label is not set.
    8.     #
    10.     # - "privileged" (default)
    11.     # - "baseline"
    12.     # - "restricted"
    13.     #
    14.     # Version label values must be one of:
    15.     # - "latest" (default) 
    16.     # - specific version like "v1.23"
    17.     defaults:
    18.       enforce-version: "latest"
    20.       audit-version: "latest"
    21.       warn: "privileged"
    22.       warn-version: "latest"
    23.     exemptions:
    24.       # Array of authenticated usernames to exempt.
    25.       usernames: []
    26.       # Array of runtime class names to exempt.
    27.       runtimeClasses: []
    28.       # Array of namespaces to exempt.