Policy Bundle

Pod Security Admission

Pod Security Standards implemented as Validating Admission Policies, with the same levels (baseline and restricted).

Use the bundle

Choose the workflow that fits your platform—automated management with KubeAPT, manual deploy with kubectl, or policy usage examples for namespace enforcement.

Deploy, uninstall, validate, and continuously manage this policy bundle with KubeAPT.

Check out KubeAPT

Deploy with kubectl

Apply the bundle directly using kubectl or your GitOps pipeline.

deploy.sh

mkdir -p /tmp/kolteq && \
curl -L https://github.com/kolteq/kubernetes-security-policies/releases/download/vap_pod-security-admission%40v1.34.0/pod-security-admission_v1.34.0.tar.gz | tar -xz -C /tmp/kolteq && \
kubectl apply -f /tmp/kolteq/pod-security-admission

Use in namespaces

Label namespaces to activate enforcement for this policy set.

namespace.yaml

apiVersion: v1
kind: Namespace
metadata:
  name: production
  labels:
    pss.security.kolteq.com/enforce: restricted

Policies in this bundle

84 policies across 4 resource types. Browse the full catalog with this bundle pre-selected.

Browse policies in this bundle

Pod Security Admission

Use the bundle

Deploy with kubectl

Use in namespaces

Policies in this bundle

Policy list