Quiz Report Card: Admission Control Options

Date: 2026-03-09 | Qwen 3.6 Plus added: 2026-04-20 | DeepSeek V4 Pro added: 2026-04-24 | DeepSeek V4 Flash added: 2026-04-24 | GPT 5.5 added: 2026-04-25 | Kimi K2.6 added: 2026-04-26 | Qwen3.6-35b-a3b (Local) added: 2026-05-03 | Gemma 4 31B (Local) added: 2026-05-03 | Claude Opus 4.8 added: 2026-05-31 Question: In a Kubernetes cluster, the administrator would like to restrict which users can create privileged containers. What in-built and third party options are available for them to achieve that goal?

Scoring Criteria

Based on quiz_tests/admission_control_options/Scoring_Notes.md:

  • Pod Security Admission (PSA): Should be mentioned, with note on inflexibility (only 3 fixed profiles, no fine-grained control)
  • Validating Admission Policy: Positive for mentioning
  • Mutating Admission Policy: Positive for mentioning
  • Pod Security Policy (PSP): Must mention deprecation or it’s a negative
  • Pod Security Standards (PSS): Should clarify it’s a standard, not a control mechanism
  • Security Context Constraints (SCC): Must note OpenShift-only or it’s a negative
  • RBAC: Must correctly state it can only control who creates pods, not what’s in the pod spec
  • External tools: OPA Gatekeeper, Kyverno, and Kubewarden are all valid mentions

Results Summary

Model Score PSA + Limits VAP PSP Handled RBAC Correct External Tools Notable Issues
anthropic/claude-opus-4.7 9/10 Yes Yes Yes Yes 3/3 Ties for best
anthropic/claude-sonnet-4.6 9/10 Yes Yes Yes Yes 3/3 Best overall
openai/gpt-5.4 7/10 Partial Yes Yes Yes 3/3 Solid but less detailed
google/gemini-3-flash-preview 7/10 Yes No Yes Yes 2/3 Missing VAP and Kubewarden
minimax/minimax-m2.5 4/10 Partial No Missing No 2/3 RBAC error, missing PSP
minimax/minimax-m2.7 7/10 Yes No Yes Yes 2/3 Missing VAP/MAP
deepseek/deepseek-v3.2 5/10 Partial No Yes No 3/3 RBAC error
qwen/qwen3.6-plus 7/10 Yes No Yes Yes 2/3 Missing Kubewarden, no VAP
deepseek/deepseek-v4-pro 8/10 Yes No Yes Yes 3/3 Strong coverage
deepseek/deepseek-v4-flash 8/10 Yes No Yes Yes 2/3 Missing Kubewarden
moonshotai/kimi-k2.6 9/10 Yes No Yes Yes 4/4 Good PSA/PSS distinction, covers Kubewarden/JsPolicy
openai/gpt-5.5 9/10 Yes Yes Yes Yes 3/3 Comprehensive, ties for best
qwen/qwen3.6-35b-a3b (LOCAL) 7/10 Yes No Yes Yes 2/3 Missing Kubewarden and VAP
anthropic/claude-opus-4.8 9/10 Yes No Yes Yes 3/3 Comprehensive, missing Kubewarden
google/gemma-4-31b (LOCAL) 7.5/10 Yes No Yes Yes 2/3 Missing Kubewarden and VAP

Detailed Analysis

anthropic/claude-opus-4.7 — 9/10

Strengths:

  • Correctly identifies PSA with three levels and three enforcement modes, and notes the key limitation (namespace-level only, no per-user differentiation)
  • Correctly covers Validating Admission Policy (CEL-based, GA in v1.30)
  • PSP correctly flagged as deprecated/removed
  • All three major open-source options: OPA/Gatekeeper, Kyverno, Kubewarden
  • Good distinction between PSA as enforcement mechanism vs the standards it enforces

Weaknesses:

  • No mention of Mutating Admission Policy (bonus item)
  • Could be clearer on ValidatingAdmissionWebhook vs VAP distinction

Comparison vs Opus 4.6 (9): Same score. Comparable quality, both missing Mutating Admission Policy.

Notable: Ties with Sonnet and Opus 4.6 for top score on this question. Strong, consistent Anthropic family performance on admission control.

anthropic/claude-sonnet-4.6 — 9/10

Strengths:

  • Comprehensive coverage of all major built-in mechanisms: PSA, ValidatingAdmissionPolicy (with CEL example), PSP (deprecated), and RBAC
  • PSA limitations clearly articulated: “Only three fixed profiles (no custom policies)”, “Namespace-scoped only”, “Cannot distinguish between different users within a namespace”
  • RBAC correctly scoped: “RBAC alone cannot block privileged containers directly, but can restrict who can create pods at all”
  • All three open-source external tools covered with working code examples (Gatekeeper with Rego, Kyverno with YAML, Kubewarden)
  • Falco correctly identified as detection/alerting only, not enforcement
  • Excellent comparison matrix summarising all options
  • Recommended architecture diagram showing layered approach

Weaknesses:

  • Did not mention Mutating Admission Policy
  • Pod Security Standards not explicitly distinguished from Pod Security Admission as a standard vs mechanism

Notable: The ValidatingAdmissionPolicy CEL example is detailed and functional. The comparison matrix and architecture diagram add significant practical value.

openai/gpt-5.4 — 7/10

Strengths:

  • Clean, well-organised response covering the key tools
  • ValidatingAdmissionPolicy mentioned with CEL reference
  • PSP clearly marked as “deprecated and removed”
  • RBAC correctly scoped: “does not directly control the privileged: true field”
  • All three external tools mentioned (Gatekeeper, Kyverno, Kubewarden)
  • Practical recommendation section is sensible
  • Mention of commercial solutions (Aqua, Prisma Cloud, Sysdig, Red Hat ACS, NeuVector) adds breadth

Weaknesses:

  • PSA limitations not explicitly called out (doesn’t mention the restriction to only 3 fixed profiles)
  • Less detailed than Claude — no code examples for ValidatingAdmissionPolicy or external tools
  • Pod Security Standards not distinguished from PSA

Notable: Offered to provide sample Kyverno/Gatekeeper policies — good instinct for practical follow-up, though the examples should have been included in the initial response.

google/gemini-3-flash-preview — 7/10

Strengths:

  • PSA well covered with limitations explicitly noted: “Coarse-grained (applied at the namespace level, not per user/service account)”
  • Good distinction between PSS and PSA: “uses Pod Security Standards to evaluate pods”
  • PSP strongly deprecated: “Do not use them. They were removed in Kubernetes v1.25”
  • RBAC correctly scoped: “cannot inspect the contents of a Pod”
  • Third-party tools correctly positioned as providing “Fine-Grained Access Control” that PSA lacks
  • Falco correctly identified as runtime detection, not prevention

Weaknesses:

  • Missing ValidatingAdmissionPolicy — a significant omission for a modern Kubernetes answer
  • Missing Kubewarden from external tools
  • NodeRestriction admission controller mention is tangential to the question
  • AppArmor/SELinux mentioned under “Runtime Security” — relevant but tangential to admission control

Notable: The PSP warning (“Do not use them”) is the strongest and clearest deprecation notice across all models. The distinction between admission-time and runtime controls is well drawn.

minimax/minimax-m2.5 — 4/10

Strengths:

  • PSA mentioned with reasonable explanation of the three levels
  • OPA Gatekeeper and Kyverno covered adequately
  • Layered defence recommendation is sensible

Weaknesses:

  • RBAC incorrectly described: Claims “You can create ClusterRole or Role rules that explicitly deny the creation of pods with privileged: true in their security context.” This is wrong — RBAC cannot inspect pod spec contents. This is a significant factual error.
  • PSP not mentioned at all — given its historical importance and the need to warn against it, this is a notable omission
  • ValidatingAdmissionPolicy not mentioned
  • Kubewarden not mentioned
  • NetworkPolicies included as an option — while useful for defence-in-depth, they don’t restrict privileged container creation and are tangential to the question
  • PSA limitations not well articulated

Notable negative: The RBAC error is the most concerning issue. An administrator following this advice would waste time trying to write RBAC rules that cannot achieve the stated goal. Including NetworkPolicies (which don’t block admission) while omitting PSP and VAP shows a misunderstanding of the question’s focus on admission control.

minimax/minimax-m2.7 — 7/10

Strengths:

  • Correctly identifies PSA as the modern built-in solution, properly notes PSP deprecation
  • Good coverage of the three PSS levels (Privileged, Baseline, Restricted)
  • Mentions OPA Gatekeeper and Kyverno as external tools
  • Includes Falco as a runtime detection option
  • Good comparison table summarising the options

Weaknesses:

  • Missing ValidatingAdmissionPolicy and MutatingAdmissionPolicy — a significant gap for a modern Kubernetes answer
  • Doesn’t mention PSA’s inflexibility clearly (only 3 fixed profiles, no fine-grained control)
  • Doesn’t distinguish PSS (standard) from PSA (mechanism) — treats them as interchangeable

Notable: A well-structured and comprehensive response that represents a major improvement over MiniMax M2.5 (which had the RBAC error and missed PSP). The main gap is missing the newer admission policy features (VAP/MAP) that Claude and GPT 5.4 covered.

deepseek/deepseek-v3.2 — 5/10

Strengths:

  • PSA mentioned with configuration example
  • PSP correctly marked as deprecated (1.21) and removed (1.25)
  • All three external tools mentioned (Gatekeeper, Kyverno, Kubewarden)
  • Code examples provided for Gatekeeper and Kyverno policies
  • Datree mentioned as a CI-focused option — a reasonable addition

Weaknesses:

  • RBAC incorrectly described: Suggests using “RBAC with ResourceNames” to restrict to patterns like "*-unprivileged-*". This is misleading — resourceNames matches specific resource names, not glob patterns, and RBAC fundamentally cannot inspect pod spec fields like privileged: true
  • ValidatingAdmissionPolicy not specifically mentioned (only generic “Admission Webhooks” framework)
  • PSA limitations not discussed at all
  • Pod Security Standards and PSA conflated in the heading but not clearly distinguished

Notable negative: The RBAC with ResourceNames suggestion is problematic. It implies pattern-matching on resource names could enforce security policy, which would give administrators false confidence in a control that doesn’t work as described.

deepseek/deepseek-v4-pro — 8/10

Strengths:

  • Strong response covering PSA, OPA/Gatekeeper, and Kyverno
  • Properly notes PSP deprecation and per-namespace limitation
  • All three major external tools mentioned (OPA Gatekeeper, Kyverno, Kubewarden)

Weaknesses:

  • Missing ValidatingAdmissionPolicy (VAP) — a significant gap for a modern Kubernetes answer
  • Missing Kubewarden from external tools

Notable: A significant improvement over DeepSeek V3.2 (which scored 5/10 with an RBAC error). Correctly scopes RBAC and avoids the factual errors of its predecessor. The gap to the top score is the missing VAP coverage.

deepseek/deepseek-v4-flash — 8/10

Strengths:

  • Correctly covers PSA with namespace-level enforcement and key limitations
  • PSP correctly flagged as deprecated with appropriate warning
  • Covers OPA/Gatekeeper and Kyverno as external tools
  • Validating Admission Policy not mentioned but compensated by strong overall coverage

Weaknesses:

  • Missing ValidatingAdmissionPolicy (VAP) — a significant gap for a modern Kubernetes answer
  • Missing Kubewarden from external tools (only 2 of 3 open-source options)

Notable: Matches V4 Pro at 8/10 — both DeepSeek V4 models show the same gap (missing VAP) but otherwise solid coverage. A major improvement over V3.2 (5/10, which had the RBAC error).

qwen/qwen3.6-plus — 7/10

Strengths:

  • Correctly identifies PSA with three levels and key limitation (namespace-scoped, not user-scoped)
  • PSP correctly flagged as deprecated and removed in 1.25
  • RBAC correctly scoped: “Controls who can create pods in which namespaces” with explicit caveat that it “Doesn’t inspect pod specs”
  • Both OPA Gatekeeper and Kyverno well covered with working policy examples (Kyverno YAML is detailed and functional)
  • Good practical recommendation section combining PSA + RBAC namespace isolation
  • Custom ValidatingAdmissionWebhook mentioned as an enterprise option

Weaknesses:

  • Missing ValidatingAdmissionPolicy — does not mention the CEL-based native admission policy mechanism
  • Missing Kubewarden from external tools (only 2 of 3 open-source options)
  • No mention of Mutating Admission Policy
  • Pod Security Standards not explicitly distinguished from PSA as standard vs mechanism

Notable: The Kyverno policy example with userInfo group matching is the most practical and immediately usable policy snippet across all models. The response demonstrates strong operational knowledge but misses the newer native features (VAP/MAP).

openai/gpt-5.5 — 9/10

Strengths:

  • Comprehensive coverage of PSA with all three levels, three enforcement modes, and key limitations clearly articulated: “namespace-based”, “does not provide fine-grained per-user policy within the same namespace”
  • ValidatingAdmissionPolicy covered with a detailed CEL expression example that checks securityContext.privileged — one of the most functional VAP examples across all models
  • PSP correctly identified as deprecated in 1.21 and removed in 1.25 with clear warning not to use it
  • RBAC correctly scoped from the very first paragraph: “RBAC controls access to resources and verbs… but does not natively restrict individual Pod spec fields”
  • All three major open-source tools covered: OPA Gatekeeper (with Rego example), Kyverno (with YAML policy), and Kubewarden
  • Excellent summary comparison table covering all options with built-in/third-party status and per-user control capability
  • Mentions OpenShift SCCs correctly scoped as platform-specific
  • ValidatingAdmissionWebhook also covered as a custom option

Weaknesses:

  • No mention of Mutating Admission Policy (bonus item)
  • Pod Security Standards not explicitly distinguished from PSA as a standard vs mechanism

Notable: Ties with Claude Opus 4.7 and Sonnet 4.6 for the top score. The response is exceptionally well-structured with working code examples for VAP, Gatekeeper, and Kyverno. The OpenShift SCC mention (correctly scoped as platform-specific) is a nice addition that no other model included without error.

moonshotai/kimi-k2.6 — 9/10

Strengths:

  • Good distinction between PSA and PSS — correctly identifies PSA as the enforcement mechanism and PSS as the standard
  • PSP correctly flagged as deprecated
  • Covers all four major external tools: OPA Gatekeeper, Kyverno, Kubewarden, and JsPolicy — the broadest third-party coverage of any model
  • RBAC correctly scoped

Weaknesses:

  • Missing MutatingAdmissionPolicy (bonus item)
  • No mention of ValidatingAdmissionPolicy (VAP)

Notable: Ties for the top score at 9/10 alongside Opus 4.7, Sonnet, and GPT 5.5. The inclusion of JsPolicy as a fourth external tool is unique across all models.

qwen/qwen3.6-35b-a3b (LOCAL) — 7/10

Strengths:

  • Covers PSA with good limitation notes — correctly identifies namespace-level enforcement and inflexibility of the three fixed profiles
  • RBAC correctly scoped — does not claim RBAC can inspect pod spec contents
  • Kyverno and OPA/Gatekeeper covered as external tools
  • PSP correctly flagged as deprecated

Weaknesses:

  • Missing ValidatingAdmissionPolicy (VAP) — a significant gap for a modern Kubernetes answer
  • Missing Kubewarden from external tools (only 2 of 3 major open-source options)
  • No mention of Mutating Admission Policy

Notable: No hallucinations — errors are omissions rather than fabricated information. Matches Gemini 3 Flash, Qwen 3.6 Plus, MiniMax M2.7, and GPT 5.4 at 7/10. The missing VAP is the same gap as most non-Anthropic, non-OpenAI models.

google/gemma-4-31b (LOCAL) — 7.5/10

Strengths:

  • Correctly identifies PSA with namespace-level enforcement and inflexibility of the three fixed profiles
  • RBAC correctly scoped — does not claim RBAC can inspect pod spec contents
  • PSP correctly flagged as deprecated with appropriate warning
  • Covers OPA/Gatekeeper and Kyverno as the primary external tools
  • Good PSA/PSS distinction

Weaknesses:

  • Missing ValidatingAdmissionPolicy (VAP) — the same gap as most non-Anthropic, non-OpenAI models
  • Missing Kubewarden from external tools (only 2 of 3 major open-source options)
  • No mention of Mutating Admission Policy

Notable: Scores slightly above the 7/10 cluster (Gemini 3 Flash, GPT 5.4, MiniMax M2.7, Qwen 3.6 Plus, Qwen-35b) at 7.5/10 due to slightly better PSA coverage and clearer PSA/PSS distinction. The missing VAP is the standard gap for models without strong knowledge of newer Kubernetes admission control features. No hallucinations — errors are omissions.

anthropic/claude-opus-4.8 — 9/10

Strengths:

  • Comprehensive coverage of PSA with all three levels and key limitations (namespace-level only, no per-user differentiation)
  • PSP correctly flagged as deprecated/removed
  • VAP mentioned — ValidatingAdmissionPolicy covered
  • All three major open-source tools: OPA/Gatekeeper, Kyverno covered
  • RBAC correctly scoped
  • Good PSA/PSS distinction

Weaknesses:

  • Missing Kubewarden from external tools (only 2 of 3 major open-source options)
  • No mention of Mutating Admission Policy (bonus item)

Notable: Ties with Opus 4.7, Sonnet, GPT 5.5, and Kimi K2.6 for the top score at 9/10. Continues the strong Anthropic family performance on admission control. The missing Kubewarden is a minor gap shared with several other models.

Key Findings

  1. ValidatingAdmissionPolicy is a differentiator: Claude (all three Anthropic models) and GPT 5.4 mentioned it. This is an important modern Kubernetes feature that the other models missed entirely.

  2. RBAC is a trap: Two models (MiniMax M2.5 and DeepSeek V3.2) incorrectly claimed RBAC can inspect pod spec contents. Qwen 3.6 Plus handled this correctly.

  3. No model mentioned Mutating Admission Policy as a separate mechanism, though it can be used to modify pod specs at admission time.

  4. No model mentioned Security Context Constraints, which avoided the potential OpenShift-only pitfall but also missed an opportunity to show breadth.

  5. PSP handling: Most models correctly noted PSP deprecation. MiniMax M2.5 omitted it entirely. Qwen 3.6 Plus handled it correctly.

  6. External tool coverage: Claude and DeepSeek V3.2 covered all three open-source tools. GPT 5.4 also covered all three. Gemini 3 Flash, MiniMax M2.5, and Qwen 3.6 Plus missed Kubewarden.

Back to top

Dearbhadh — LLM Kubernetes Security Assessment Tool

This site uses Just the Docs, a documentation theme for Jekyll.