When your cluster is running pods with security-sensitive configurations, assign it a pod security policy, which is a set of rules that monitors the conditions and settings in your pods. If a pod doesn't meet the rules specified in your policy, the policy stops it from running.

You can assign a pod security policy when you provision a cluster. However, if you need to relax or restrict security for your pods later, you can update the policy while editing your cluster.

Result: The pod security policy is applied to the cluster and any projects within the cluster.

Note: Workloads already running before assignment of a pod security policy are grandfathered in. Even if they don't meet your pod security policy, workloads running before assignment of the policy continue to run.
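Because workloads that were running before the policy was assigned keep running, it is worth auditing them against the new rules. The following is an added example, not part of the original page or of Rancher's code: it checks a pod listing for settings the policy forbids. The policy subset and the sample pods are constructed assumptions.

```python
import json

# Constructed policy: a subset of PodSecurityPolicy spec fields (assumption,
# not a policy from the page). False means the setting is not allowed.
POLICY = {"privileged": False, "hostNetwork": False, "hostPID": False, "hostIPC": False}

# Constructed sample shaped like `kubectl get pods -A -o json` output.
SAMPLE_PODS = json.loads("""
{"items": [
  {"metadata": {"namespace": "default", "name": "web"},
   "spec": {"containers": [{"name": "nginx", "securityContext": {"privileged": false}}]}},
  {"metadata": {"namespace": "monitoring", "name": "node-agent"},
   "spec": {"hostNetwork": true, "hostPID": true,
            "containers": [{"name": "agent", "securityContext": {"privileged": true}}]}},
  {"metadata": {"namespace": "default", "name": "batch"},
   "spec": {"containers": [{"name": "job"}],
            "initContainers": [{"name": "setup", "securityContext": {"privileged": true}}]}}
]}
""")

def pod_violations(pod, policy):
    """Return the policy fields this pod violates, as readable strings."""
    spec = pod.get("spec", {})
    found = []
    # Pod-level host namespace settings.
    for field in ("hostNetwork", "hostPID", "hostIPC"):
        if policy.get(field) is False and spec.get(field, False):
            found.append(field)
    # Container-level setting; init containers are checked as well.
    if policy.get("privileged") is False:
        for c in spec.get("containers", []) + spec.get("initContainers", []):
            if (c.get("securityContext") or {}).get("privileged", False):
                found.append(f"privileged container '{c['name']}'")
    return found

def audit(pod_list, policy):
    """Map 'namespace/name' to violations for every non-compliant pod."""
    report = {}
    for pod in pod_list.get("items", []):
        meta = pod["metadata"]
        violations = pod_violations(pod, policy)
        if violations:
            report[f"{meta['namespace']}/{meta['name']}"] = violations
    return report

if __name__ == "__main__":
    for pod, problems in audit(SAMPLE_PODS, POLICY).items():
        print(f"{pod}: {', '.join(problems)}")
```

Pods reported here would be rejected by the policy if they were recreated, so they are the grandfathered workloads to review first.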