It was found that the API server configuration admission control plugins parameter does not include 'PodSecurityPolicy' and 'SecurityContextDeny'. An admission controller is a code which being executed after the request authentication and authorization in order to validate it or change it. This admission controller deny any pod that attempts to set escalating security context fields.
Recommended Mitigation
It is recommended to include the SecurityContextDeny plugin if the PodSecurityPolicy is not enabled in the '--enable-admission-plugins' parameter.
Best practices
