Pod Security Admission
Pod Security Policies are deprecated in K8S 1.21.
References:
https://kubernetes.io/docs/concepts/security/pod-security-standards/
https://cloud.redhat.com/blog/pod-security-admission-in-openshift-4.11
New labels added in each namespace:
  pod-security.kubernetes.io/enforce=privileged
  pod-security.kubernetes.io/audit=restricted
  pod-security.kubernetes.io/warn=restricted
  security.openshift.io/scc.podSecurityLabelSync=true

Default specs needed for the restricted profile:
securityContext:
  runAsNonRoot: true
  seccompProfile:
    type: RuntimeDefault
containers:
- name: my-cronjob-container
  securityContext:
    allowPrivilegeEscalation: false
    capabilities:
      drop: ['ALL']

Dry run apply enforce (server-side, reports which namespaces would have pods violating restricted):
$ oc label --dry-run=server --overwrite ns --all pod-security.kubernetes.io/enforce=restricted
Audit script
#!/usr/bin/env python3
# filename    : audit.py
# description : Generates a list of PSA violations
# author      : mmayeras
# company     : Red Hat
# date        : 20221215
# version     : 0.
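As an added example (not the author's audit.py, whose body is not on this page), the following Python checks a pod spec against the four restricted-profile fields listed in the default spec above; pod-level runAsNonRoot and seccompProfile are inherited by containers unless overridden, and the two sample specs are constructed for the test.

```python
"""Audit a pod spec against the restricted PSA fields shown above (added example)."""
from typing import Dict, List

# Constructed samples: one mirrors the page's default spec, one violates every check.
COMPLIANT = {
    "securityContext": {"runAsNonRoot": True, "seccompProfile": {"type": "RuntimeDefault"}},
    "containers": [{"name": "my-cronjob-container",
                    "securityContext": {"allowPrivilegeEscalation": False,
                                        "capabilities": {"drop": ["ALL"]}}}],
}
VIOLATING = {
    "securityContext": {},
    "containers": [{"name": "web", "securityContext": {"allowPrivilegeEscalation": True}},
                   {"name": "sidecar"}],
}


def audit_pod_spec(spec: Dict) -> List[str]:
    """Return one message per restricted-profile violation; an empty list means compliant."""
    violations: List[str] = []
    pod_sc = spec.get("securityContext") or {}
    pod_seccomp = (pod_sc.get("seccompProfile") or {}).get("type")
    # Restricted applies to init containers as well as regular containers.
    for c in (spec.get("containers") or []) + (spec.get("initContainers") or []):
        name = c.get("name", "<unnamed>")
        sc = c.get("securityContext") or {}
        # A container-level value overrides the pod-level one; missing means inherit.
        if sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")) is not True:
            violations.append(f"{name}: runAsNonRoot must be true")
        seccomp = (sc.get("seccompProfile") or {}).get("type", pod_seccomp)
        # The restricted standard accepts RuntimeDefault (the page's value) or Localhost.
        if seccomp not in ("RuntimeDefault", "Localhost"):
            violations.append(f"{name}: seccompProfile.type must be RuntimeDefault or Localhost")
        # Must be explicitly false; an absent field defaults to allowed.
        if sc.get("allowPrivilegeEscalation") is not False:
            violations.append(f"{name}: allowPrivilegeEscalation must be false")
        drops = (sc.get("capabilities") or {}).get("drop") or []
        if "ALL" not in drops:
            violations.append(f"{name}: capabilities.drop must include ALL")
    return violations


if __name__ == "__main__":
    for label, spec in (("compliant", COMPLIANT), ("violating", VIOLATING)):
        print(label, audit_pod_spec(spec) or "OK")
```

Feeding it real specs means extracting `.spec` from `oc get pods -A -o json`; the label dry-run above remains the authoritative check because the admission controller also evaluates fields this script does not cover.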