Pod Security Standards and Admission: Replacing PodSecurityPolicy

February 21, 2026

Kubernetes

Pod-Security-Configuration, Namespace-Security, Migration-Planning, Security-Hardening

Pod-Security, Psa, Psp, Security, Admission-Control

Kubectl

Pod Security Standards and Admission#

PodSecurityPolicy (PSP) was removed from Kubernetes in v1.25. Its replacement is Pod Security Admission (PSA), a built-in admission controller that enforces three predefined security profiles. PSA is simpler than PSP – no separate policy objects, no RBAC bindings to manage – but it is also less flexible. You apply security standards to namespaces via labels and the admission controller handles enforcement.

The Three Security Standards#

Kubernetes defines three Pod Security Standards, each progressively more restrictive: