Feature Request
Resolution: Unresolved
Product / Portfolio Work
1. Proposed title of this feature request
Support for Restricted Pod Security Standards on Native Kubernetes Management Clusters
2. What is the nature and description of the request?
Enable HyperShift to support the restricted Pod Security Standard when deployed on native Kubernetes management clusters (specifically AKS). Currently, HyperShift requires baseline Pod Security Standards for native Kubernetes deployments due to pod startup failures, while restricted works successfully on OpenShift management clusters. We request enhancements to allow restricted mode compatibility across all management cluster types.
We need to ensure all existing HCPs can be successfully migrated to the new pod security standard without interruption.
3. Why does the customer need this? (List the business requirements here)
- Security Compliance: ARO-HCP requires enhanced security posture through restricted Pod Security Standards to meet enterprise security requirements
- Risk Mitigation: Current baseline configuration allows potentially dangerous capabilities and volume types that pose security risks
- Consistency: Need uniform security standards across different management cluster deployments (OpenShift vs native Kubernetes)
- Regulatory Requirements: Many customers require the strictest available Pod security controls for compliance purposes
- Production Readiness: restricted standard represents Kubernetes security best practices for production workloads
4. List any affected packages or components.
- HyperShift control plane components