Pod Security Standards and Policies

kubectl apply -f deployment.yaml returns deployment.apps/api-server configured. No errors. The Deployment exists. The ReplicaSet exists. And then nothing: no pods, no warnings in your terminal. The first time this happens, you spend ten minutes wondering if the cluster is broken before you remember to check ReplicaSet events.

That's enforce mode. Pod Security Standards (PSS) gives you three policy profiles and three enforcement modes applied through namespace labels. If you don't understand how they interact, that silent failure is exactly what you'll hit.