diff --git a/sysinv/sysinv/sysinv/sysinv/common/constants.py b/sysinv/sysinv/sysinv/sysinv/common/constants.py
index 0b6d195df0..44b7694578 100644
--- a/sysinv/sysinv/sysinv/sysinv/common/constants.py
+++ b/sysinv/sysinv/sysinv/sysinv/common/constants.py
@@ -1051,6 +1051,9 @@ SERVICE_PARAM_NAME_OIDC_ISSUER_URL = 'oidc_issuer_url'
 SERVICE_PARAM_NAME_OIDC_CLIENT_ID = 'oidc_client_id'
 SERVICE_PARAM_NAME_OIDC_USERNAME_CLAIM = 'oidc_username_claim'
 SERVICE_PARAM_NAME_OIDC_GROUPS_CLAIM = 'oidc_groups_claim'
+SERVICE_PARAM_NAME_ADMISSION_PLUGINS = 'admission_plugins'
+
+VALID_ADMISSION_PLUGINS = ['PodSecurityPolicy']
 # ptp service parameters
 SERVICE_PARAM_SECTION_PTP_GLOBAL = 'global'
diff --git a/sysinv/sysinv/sysinv/sysinv/common/service_parameter.py b/sysinv/sysinv/sysinv/sysinv/common/service_parameter.py
index 6e4e1aee06..9d8bf00c0d 100644
--- a/sysinv/sysinv/sysinv/sysinv/common/service_parameter.py
+++ b/sysinv/sysinv/sysinv/sysinv/common/service_parameter.py
@@ -324,6 +324,19 @@ def _validate_domain(name, value):
 (name, value)))
+def _validate_admission_plugins(name, value):
+ """Check if specified plugins are supported"""
+ if not value:
+ raise wsme.exc.ClientSideError(_(
+ "Please specify at least 1 plugin"))
+
+ plugins = value.split(',')
+ for plugin in plugins:
+ if plugin not in constants.VALID_ADMISSION_PLUGINS:
+ raise wsme.exc.ClientSideError(_(
+ "Invalid admission plugin: '%s'" % plugin))
+
+
 IDENTITY_CONFIG_PARAMETER_OPTIONAL = [
 constants.SERVICE_PARAM_IDENTITY_CONFIG_TOKEN_EXPIRATION,
 ]
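Review bot: `VALID_ADMISSION_PLUGINS` is the allowlist that decides which admission plugins a service-parameter request may enable, yet it is declared as a mutable module-level list with no comment saying so. An immutable container such as `VALID_ADMISSION_PLUGINS = ('PodSecurityPolicy',)` keeps the membership test in `_validate_admission_plugins` working while preventing other code from appending to the allowlist at runtime; confirm first that no caller outside this diff relies on it being a list. A comment above it, for example `# Admission plugins that may be enabled through the admission_plugins service parameter`, would make the constant's security role clear.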
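Review bot: In `_validate_admission_plugins` the `%` formatting sits inside the `_()` call, so the translation lookup receives a string that already contains caller-supplied text and cannot match a catalogue entry; closing `_(` before the operator, as in `_("Invalid admission plugin: '%s'") % plugin`, fixes that. The loop also accepts repeated entries, so `PodSecurityPolicy,PodSecurityPolicy` passes validation unchanged; how the consumer of `platform::kubernetes::params::admission_plugins` treats a repeated name is not visible here, so rejecting duplicates with `if len(set(plugins)) != len(plugins):` is the safer choice. Tokens are compared without `strip()`, which fails closed and is fine to keep, but the docstring should state that the value is a comma-separated list with no surrounding spaces.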
@@ -534,10 +547,12 @@ KUBERNETES_APISERVER_PARAMETER_OPTIONAL = [
 constants.SERVICE_PARAM_NAME_OIDC_CLIENT_ID,
 constants.SERVICE_PARAM_NAME_OIDC_USERNAME_CLAIM,
 constants.SERVICE_PARAM_NAME_OIDC_GROUPS_CLAIM,
+ constants.SERVICE_PARAM_NAME_ADMISSION_PLUGINS,
 ]
 KUBERNETES_APISERVER_PARAMETER_VALIDATOR = {
 constants.SERVICE_PARAM_NAME_OIDC_ISSUER_URL: _validate_oidc_issuer_url,
+ constants.SERVICE_PARAM_NAME_ADMISSION_PLUGINS: _validate_admission_plugins,
 }
 KUBERNETES_APISERVER_PARAMETER_RESOURCE = {
@@ -549,6 +564,8 @@ KUBERNETES_APISERVER_PARAMETER_RESOURCE = {
 'platform::kubernetes::params::oidc_username_claim',
 constants.SERVICE_PARAM_NAME_OIDC_GROUPS_CLAIM:
 'platform::kubernetes::params::oidc_groups_claim',
+ constants.SERVICE_PARAM_NAME_ADMISSION_PLUGINS:
+ 'platform::kubernetes::params::admission_plugins',
 }
 HTTPD_PORT_PARAMETER_OPTIONAL = [