All Policies

Pod Security

Pod Security Standards implemented as Kyverno policies.

These Kyverno policies are based on the Kubernetes Pod Security Standards definitions. To apply all Pod Security Standard policies (recommended) install Kyverno and kustomize, then run:

1kustomize build https://github.com/kyverno/policies/pod-security | kubectl apply -f -

Installation is also available via Helm by using the chart kyverno-policies. For more information, see the kyverno-policies repo here.

Pod Security Standard policies are organized in two groups, Baseline and Restricted. Use the filters on the left sidebar to select and view the policies currently covered in each group by selecting the appropriate Policy Category.

PodSecurityPolicy Migration

Kyverno has a number of policies which replicate the same PodSecurityPolicy functionality designed to assist in migrating from PSP to Kyverno. See the PSP Migration policy category for these policies.

For a blog post covering a comparison of PodSecurityPolicy to Pod Security Admission and how to migrate from PSP to Kyverno, see here.