The PodSecurityPolicy object was merged by @pweil- in #7893.

That defined a new type, (https://github.com/kubernetes/kubernetes/blob/master/pkg/apis/extensions/v1beta1/types.go#L919), a registry, kubectl support, and a client.

We still need to:

• expose the extension by default, and generate the docs for it.
• write code that decides whether a Pod create/update is allowed by any maching PSP. (assume this exists downstream in openshift.)
• decide on a way to determine which type applies to which requests; that is, something to bind request attributes, like user, groups, namespace, with the PSPs that apply to that pod.
• write admission controller code that does the previous two things and says yes or no to Pod creates/updates.
• define behavior when multiple PodSecurityPolicy objects allow a pod - Prefer non-mutating PSPs, then order by name #52849
• define a way for policy authors to affect which PSP is selected when multiple PodSecurityPolicy objects allow a pod - Prefer non-mutating PSPs, then order by name #52849