From de7ac281bdf71fe9f874a1bf45f279cb4ffc8fe6 Mon Sep 17 00:00:00 2001
From: Andrea Hoffer <ahoffer@redhat.com>
Date: Fri, 1 Sep 2023 11:39:53 -0400
Subject: [PATCH] OSDOCS#7527: Adding namespaces that are always set to
 privileged PSA to release notes

---
 release_notes/ocp-4-14-release-notes.adoc | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/release_notes/ocp-4-14-release-notes.adoc b/release_notes/ocp-4-14-release-notes.adoc
index 1794ac1135..deb3e7368c 100644
--- a/release_notes/ocp-4-14-release-notes.adoc
+++ b/release_notes/ocp-4-14-release-notes.adoc
@@ -150,6 +150,17 @@ With this release, you can now require your workloads to use a specific security
 
 For more information, see xref:../authentication/managing-security-context-constraints.adoc#security-context-constraints-requiring_configuring-internal-oauth[Configuring a workload to require a specific SCC].
 
+[id="ocp-4-14-auth-psa-privileged-namespaces"]
+==== Pod security admission privileged namespaces
+
+With this release, the following system namespaces are always set to the `privileged` pod security admission profile:
+
+* `default`
+* `kube-public`
+* `kube-system`
+
+For more information, see xref:../authentication/understanding-and-managing-pod-security-admission.adoc#psa-privileged-namespaces_understanding-and-managing-pod-security-admission[Privileged namespaces].
+
 [id="ocp-4-14-networking"]
 === Networking