PodSecurityPolicy deprecation

As of Kubernetes version 1.21, PodSecurityPolicy (beta) is deprecated. The Kubernetes project aims to shut the feature down in version 1.25. When this shutdown occurs, you can no longer use PodSecurityPolicy in Google Kubernetes Engine (GKE).

For more information on the deprecation, refer to the PodSecurityPolicy deprecation blog post.

Alternatives to PodSecurityPolicy

If you want to continue using Pod-level security controls in GKE, we recommend one of the following solutions:

  • Use Gatekeeper: GKE Standard clusters allow you to apply security policies using Gatekeeper. You can use Gatekeeper to enforce the same capabilities as PodSecurityPolicy, as well as take advantage of other functionality such as dry-run, gradual rollouts, and auditing.

    For more information, refer to Applying Pod security policies using Gatekeeper.

  • Use GKE Autopilot clusters: GKE Autopilot clusters implement many of the recommended security policies by default.

    For more information, refer to the Autopilot overview.
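The Gatekeeper option above, shown as an added example that is not from the original page: a PodSecurityPolicy that forbids privileged containers, followed by a Gatekeeper constraint expressing the same rule in dry-run mode. It assumes Gatekeeper and the `K8sPSPPrivilegedContainer` constraint template from the open-source Gatekeeper policy library are already installed; the object names and the excluded namespace are illustrative.

```yaml
# Before: PodSecurityPolicy (policy/v1beta1) that rejects privileged Pods.
# The remaining fields are required by the PSP schema and are left permissive
# so that this policy controls only the "privileged" setting.
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: no-privileged            # illustrative name
spec:
  privileged: false
  seLinux:
    rule: RunAsAny
  runAsUser:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  fsGroup:
    rule: RunAsAny
  volumes:
    - '*'
---
# After: the same control as a Gatekeeper constraint.
# The kind is defined by the K8sPSPPrivilegedContainer ConstraintTemplate,
# which must exist in the cluster before this object is applied (assumption).
apiVersion: constraints.gatekeeper.sh/v1beta1
kind: K8sPSPPrivilegedContainer
metadata:
  name: no-privileged            # illustrative name
spec:
  # dryrun: violations are recorded by Gatekeeper's audit in the constraint's
  # status, but Pods are still admitted. Change to "deny" to start blocking
  # once the reported violations have been reviewed.
  enforcementAction: dryrun
  match:
    kinds:
      - apiGroups: [""]
        kinds: ["Pod"]
    # Illustrative exclusion; system workloads often need privileged mode.
    excludedNamespaces:
      - kube-system
```

Unlike a PodSecurityPolicy, the constraint is not bound to users or service accounts through RBAC; it applies to every Pod selected by `match`, so scope it with namespaces or label selectors.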