Pod Security Standards
Definition
Kubernetes Pod Security Standards (PSS) define three security profiles — Privileged, Baseline, and Restricted — that control the security context settings allowed for pods in a namespace. The Restricted profile enforces best practices like non-root execution, dropping all Linux capabilities, read-only root filesystems, and disabling privilege escalation.
Pod Security Admission (PSA), the built-in enforcement mechanism replacing PodSecurityPolicy, applies these standards at the admission stage.
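An added example, not part of the original page: a namespace that opts in to the Restricted profile through PSA's namespace labels, followed by a pod whose security context sets the controls listed above. The namespace, pod and image names are placeholders, and the seccomp profile is included because Restricted also requires one.

```yaml
# Constructed example: "payments", "api" and the image reference are placeholders.
apiVersion: v1
kind: Namespace
metadata:
  name: payments
  labels:
    # PSA reads these labels when a pod is submitted to the namespace.
    pod-security.kubernetes.io/enforce: restricted      # reject pods that violate the profile
    pod-security.kubernetes.io/enforce-version: latest  # profile version to evaluate against
    pod-security.kubernetes.io/audit: restricted        # record violations in the audit log
    pod-security.kubernetes.io/warn: restricted         # return a warning to the client
---
apiVersion: v1
kind: Pod
metadata:
  name: api
  namespace: payments
spec:
  securityContext:
    runAsNonRoot: true            # non-root execution
    runAsUser: 10001              # assumed UID; the image must work as this user
    seccompProfile:
      type: RuntimeDefault        # seccomp profile, also required by Restricted
  containers:
    - name: api
      image: registry.example.com/api:1.0.0
      securityContext:
        allowPrivilegeEscalation: false   # privilege escalation disabled
        readOnlyRootFilesystem: true      # read-only root filesystem
        capabilities:
          drop: ["ALL"]                   # drop all Linux capabilities
```

Setting only the `audit` and `warn` labels first surfaces workloads that would fail before `enforce` starts rejecting them.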