diff --git a/charts/gardener-extension-admission-metal/values.yaml b/charts/gardener-extension-admission-metal/values.yaml
index d9c61c61..c1b67939 100644
--- a/charts/gardener-extension-admission-metal/values.yaml
+++ b/charts/gardener-extension-admission-metal/values.yaml
@@ -36,7 +36,6 @@ global:
ciliumDevices:
ciliumHubbleEnabled:
ciliumKubeProxyEnabled:
- ciliumPSPEnabled:
ciliumTunnel:
ciliumIPv4NativeRoutingCIDREnabled:
ciliumLoadBalancingMode:
diff --git a/charts/internal/control-plane/templates/duros-controller.yaml b/charts/internal/control-plane/templates/duros-controller.yaml
index 9a23b2b0..2b8b6977 100644
--- a/charts/internal/control-plane/templates/duros-controller.yaml
+++ b/charts/internal/control-plane/templates/duros-controller.yaml
@@ -108,7 +108,6 @@ spec:
- -admin-token=/duros/admin-token
- -admin-key=/duros/admin-key
- -shoot-kubeconfig=/var/run/secrets/gardener.cloud/shoot/generic-kubeconfig/kubeconfig
- - -psp-disabled={{ .Values.pspDisabled }}
- -api-endpoint={{ .Values.duros.controller.apiEndpoint }}
{{- if .Values.duros.controller.apiCA }}
- -api-ca=/duros/api-ca
diff --git a/charts/internal/shoot-control-plane/templates/metallb.yaml b/charts/internal/shoot-control-plane/templates/metallb.yaml
index 5efb2c7a..d4790333 100644
--- a/charts/internal/shoot-control-plane/templates/metallb.yaml
+++ b/charts/internal/shoot-control-plane/templates/metallb.yaml
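Review bot: Removing `- -psp-disabled={{ .Values.pspDisabled }}` from the duros-controller args hands PSP handling to whatever the controller binary defaults that option to; if the duros-controller image pinned in the image vector still knows the flag and defaults it to false, the controller may keep trying to reconcile PodSecurityPolicy objects on shoots whose API no longer serves them. Confirm that the deployed duros-controller version has dropped the option or defaults it to disabled, and consider stating that version requirement in the commit description. The container args list continues outside the hunk.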
@@ -4,88 +4,6 @@ metadata:
labels:
app: metallb
name: metallb-system
-{{- if not .Values.pspDisabled }}
----
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
- labels:
- app: metallb
- name: controller
- namespace: metallb-system
-spec:
- allowPrivilegeEscalation: false
- allowedCapabilities: []
- allowedHostPaths: []
- defaultAddCapabilities: []
- defaultAllowPrivilegeEscalation: false
- fsGroup:
- ranges:
- - max: 65535
- min: 1
- rule: MustRunAs
- hostIPC: false
- hostNetwork: false
- hostPID: false
- privileged: false
- requiredDropCapabilities:
- - ALL
- runAsUser:
- ranges:
- - max: 65535
- min: 1
- rule: MustRunAs
- seLinux:
- rule: RunAsAny
- supplementalGroups:
- ranges:
- - max: 65535
- min: 1
- rule: MustRunAs
- volumes:
- - configMap
- - secret
- - emptyDir
----
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
- labels:
- app: metallb
- name: speaker
- namespace: metallb-system
-spec:
- allowPrivilegeEscalation: false
- allowedCapabilities:
- - NET_RAW
- allowedHostPaths: []
- defaultAddCapabilities: []
- defaultAllowPrivilegeEscalation: false
- fsGroup:
- rule: RunAsAny
- hostIPC: false
- hostNetwork: true
- hostPID: false
- hostPorts:
- - max: 7472
- min: 7472
- - max: 7946
- min: 7946
- privileged: true
- readOnlyRootFilesystem: true
- requiredDropCapabilities:
- - ALL
- runAsUser:
- rule: RunAsAny
- seLinux:
- rule: RunAsAny
- supplementalGroups:
- rule: RunAsAny
- volumes:
- - configMap
- - secret
- - emptyDir
- {{- end }}
---
apiVersion: v1
kind: ServiceAccount
@@ -198,16 +116,6 @@ rules:
verbs:
- list
- watch
-{{- if not .Values.pspDisabled }}
-- apiGroups:
- - policy
- resourceNames:
- - controller
- resources:
- - podsecuritypolicies
- verbs:
- - use
-{{- end }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
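Review bot: With the speaker PodSecurityPolicy gone, nothing in the chart still pins what that pod may do (`hostNetwork: true`, `privileged: true`, `NET_RAW`, host ports 7472/7946, read-only root filesystem), and the diff adds no Pod Security Admission labels to the `metallb-system` Namespace whose metadata opens the hunk. Since the speaker genuinely needs those privileges, the replacement is to declare the level explicitly, for example `pod-security.kubernetes.io/enforce: privileged` beside `app: metallb`, so the privilege grant is visible in the manifest rather than implied by the absence of any policy; the same question applies to the node-init DaemonSet in kube-system and to the csi-lvm namespace whose PSPs are removed in the following hunks. If any shoot version this provider still supports runs the PodSecurityPolicy admission plugin, removing the `use` grant on `podsecuritypolicies` in the second hunk would leave speaker pods unadmittable unless Gardener itself still provides a permissive cluster-wide PSP, so that version boundary is worth stating in the commit description.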
@@ -242,16 +150,6 @@ rules:
verbs:
- create
- patch
-{{- if not .Values.pspDisabled }}
-- apiGroups:
- - policy
- resourceNames:
- - speaker
- resources:
- - podsecuritypolicies
- verbs:
- - use
-{{- end }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
diff --git a/charts/internal/shoot-control-plane/templates/node-init.yaml b/charts/internal/shoot-control-plane/templates/node-init.yaml
index f0291a78..50ce76fa 100644
--- a/charts/internal/shoot-control-plane/templates/node-init.yaml
+++ b/charts/internal/shoot-control-plane/templates/node-init.yaml
@@ -4,27 +4,6 @@ kind: ServiceAccount
metadata:
name: node-init
namespace: kube-system
-{{- if not .Values.pspDisabled }}
----
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
- name: node-init
-spec:
- allowedCapabilities:
- - NET_ADMIN
- fsGroup:
- rule: RunAsAny
- runAsUser:
- rule: RunAsAny
- seLinux:
- rule: RunAsAny
- supplementalGroups:
- rule: RunAsAny
- volumes:
- - secret
- hostNetwork: true
-{{- end }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
@@ -39,16 +18,6 @@ rules:
- watch
- list
- get
-{{- if not .Values.pspDisabled }}
-- apiGroups:
- - extensions
- resources:
- - podsecuritypolicies
- resourceNames:
- - node-init
- verbs:
- - use
-{{- end }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
diff --git a/charts/internal/shoot-control-plane/templates/rbac-duros.yaml b/charts/internal/shoot-control-plane/templates/rbac-duros.yaml
index f011800f..8421d4fd 100644
--- a/charts/internal/shoot-control-plane/templates/rbac-duros.yaml
+++ b/charts/internal/shoot-control-plane/templates/rbac-duros.yaml
@@ -49,21 +49,6 @@ rules:
- patch
- update
- watch
-{{- if not .Values.pspDisabled }}
-- apiGroups:
- - "policy"
- resources:
- - podsecuritypolicies
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
- - use
-{{- end }}
- apiGroups:
- "rbac.authorization.k8s.io"
resources:
diff --git a/charts/internal/shoot-control-plane/values.yaml b/charts/internal/shoot-control-plane/values.yaml
index 50b00353..b832fb8d 100644
--- a/charts/internal/shoot-control-plane/values.yaml
+++ b/charts/internal/shoot-control-plane/values.yaml
@@ -2,7 +2,6 @@ kubernetesVersion: "1.16.0"
apiserverIPs: []
nodeCIDR:
-pspDisabled: false
images:
droptailer: image-repository:image-tag
diff --git a/charts/internal/shoot-storageclasses/templates/storageclasses.yaml b/charts/internal/shoot-storageclasses/templates/storageclasses.yaml
index f06df0ad..cea045f1 100644
--- a/charts/internal/shoot-storageclasses/templates/storageclasses.yaml
+++ b/charts/internal/shoot-storageclasses/templates/storageclasses.yaml
@@ -140,43 +140,6 @@ kind: ServiceAccount
metadata:
name: csi-lvm-reviver
namespace: csi-lvm
-{{- if not .Values.pspDisabled }}
----
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
- name: csi-lvm-reviver-psp
- namespace: csi-lvm
-spec:
- allowPrivilegeEscalation: true
- privileged: true
- fsGroup:
- rule: RunAsAny
- privileged: true
- runAsUser:
- rule: RunAsAny
- seLinux:
- rule: RunAsAny
- supplementalGroups:
- rule: RunAsAny
- volumes:
- - '*'
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: csi-lvm-reviver-psp
- namespace: csi-lvm
-rules:
-- apiGroups:
- - extensions
- resources:
- - podsecuritypolicies
- resourceNames:
- - csi-lvm-reviver-psp
- verbs:
- - use
-{{- end }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
@@ -200,21 +163,6 @@ rules:
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
-metadata:
- name: csi-lvm-reviver-psp
- namespace: csi-lvm
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: csi-lvm-reviver-psp
-subjects:
-- apiGroup: ""
- kind: ServiceAccount
- name: csi-lvm-reviver
- namespace: csi-lvm
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
metadata:
name: csi-lvm-reviver
namespace: csi-lvm
diff --git a/charts/internal/shoot-storageclasses/values.yaml b/charts/internal/shoot-storageclasses/values.yaml
index 841f5d07..fee4fabe 100644
--- a/charts/internal/shoot-storageclasses/values.yaml
+++ b/charts/internal/shoot-storageclasses/values.yaml
@@ -4,4 +4,3 @@ images:
csi-lvm-provisioner: image-repository:image-tag
isDefaultStorageClass: true
-pspDisabled: false
diff --git a/example/10-fake-shoot-controlplane.yaml b/example/10-fake-shoot-controlplane.yaml
index bd26f479..14c24891 100644
--- a/example/10-fake-shoot-controlplane.yaml
+++ b/example/10-fake-shoot-controlplane.yaml
@@ -129,7 +129,7 @@ spec:
- command:
- /hyperkube
- apiserver
- - --enable-admission-plugins=Priority,NamespaceLifecycle,LimitRanger,PodSecurityPolicy,ServiceAccount,NodeRestriction,DefaultStorageClass,Initializers,DefaultTolerationSeconds,ResourceQuota,StorageObjectInUseProtection,MutatingAdmissionWebhook,ValidatingAdmissionWebhook
+ - --enable-admission-plugins=Priority,NamespaceLifecycle,LimitRanger,ServiceAccount,NodeRestriction,DefaultStorageClass,Initializers,DefaultTolerationSeconds,ResourceQuota,StorageObjectInUseProtection,MutatingAdmissionWebhook,ValidatingAdmissionWebhook
- --disable-admission-plugins=PersistentVolumeLabel
- --allow-privileged=true
- --anonymous-auth=false
diff --git a/example/controller-registration.yaml b/example/controller-registration.yaml
index 32620ff6..451c5e36 100644
--- a/example/controller-registration.yaml
+++ b/example/controller-registration.yaml
@@ -8,7 +8,7 @@ providerConfig:
chart: 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
values:
image:
- tag: v0.24.5
+ tag: v0.24.7
---
apiVersion: core.gardener.cloud/v1beta1
kind: ControllerRegistration
diff --git a/pkg/admission/mutator/config.go b/pkg/admission/mutator/config.go
index 6e57c79c..070cef9c 100644
--- a/pkg/admission/mutator/config.go
+++ b/pkg/admission/mutator/config.go
@@ -55,10 +55,6 @@ func (c *config) ciliumKubeProxyEnabled() bool { return c.bool("DEFAULTER_CILIUMKUBEPROXYENABLED", false) } -func (c *config) ciliumPSPEnabled() bool { - return c.bool("DEFAULTER_CILIUMPSPENABLED", true) -} - func (c *config) ciliumTunnel() ciliumextensionv1alpha1.TunnelMode { return ciliumextensionv1alpha1.TunnelMode(c.string("DEFAULTER_CILIUMTUNNEL", string(ciliumextensionv1alpha1.Disabled))) } diff --git a/pkg/admission/mutator/defaulter.go b/pkg/admission/mutator/defaulter.go index bcc53cf5..95559498 100644 --- a/pkg/admission/mutator/defaulter.go +++ b/pkg/admission/mutator/defaulter.go @@ -9,6 +9,7 @@ import ( calicoextensionv1alpha1 "github.com/gardener/gardener-extension-networking-calico/pkg/apis/calico/v1alpha1" ciliumextensionv1alpha1 "github.com/gardener/gardener-extension-networking-cilium/pkg/apis/cilium/v1alpha1" gardenv1beta1 "github.com/gardener/gardener/pkg/apis/core/v1beta1" + "github.com/metal-stack/gardener-extension-provider-metal/pkg/apis/metal" "github.com/metal-stack/gardener-extension-provider-metal/pkg/apis/metal/helper" metalv1alpha1 "github.com/metal-stack/gardener-extension-provider-metal/pkg/apis/metal/v1alpha1" @@ -181,10 +182,6 @@ func (d *defaulter) defaultCiliumConfig(shoot *gardenv1beta1.Shoot) error { } } - if networkConfig.PSPEnabled == nil { - networkConfig.PSPEnabled = pointer.Pointer(d.c.ciliumPSPEnabled()) - } - if networkConfig.TunnelMode == nil { networkConfig.TunnelMode = pointer.Pointer(d.c.ciliumTunnel()) } diff --git a/pkg/admission/mutator/defaulter_test.go b/pkg/admission/mutator/defaulter_test.go index 75b910fe..2518afd4 100644 --- a/pkg/admission/mutator/defaulter_test.go +++ b/pkg/admission/mutator/defaulter_test.go 
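Review bot: Dropping the `PSPEnabled` defaulting in `defaultCiliumConfig` only affects shoots that have not been admitted yet; shoots whose providerConfig was previously defaulted to `pspEnabled: true` keep that value, and nothing in this diff clears or rejects it, so the cilium extension may still be asked to manage PodSecurityPolicy objects on clusters whose API no longer serves them (whether it tolerates that is outside this diff). Consider resetting the field for shoots on a Kubernetes version that no longer supports PSP, for example `networkConfig.PSPEnabled = nil` behind a version check, or state the expected migration in the commit description. On the config.go side `DEFAULTER_CILIUMPSPENABLED` is now read by nothing; a one-line comment next to the remaining `DEFAULTER_*` lookups saying it is ignored would keep operators from relying on it. `defaultCiliumConfig` starts and ends outside the hunk.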
@@ -8,13 +8,14 @@ import ( gardenv1beta1 "github.com/gardener/gardener/pkg/apis/core/v1beta1" "github.com/google/go-cmp/cmp" "github.com/google/go-cmp/cmp/cmpopts" + "github.com/stretchr/testify/require" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/serializer" + "github.com/metal-stack/gardener-extension-provider-metal/pkg/apis/metal" "github.com/metal-stack/gardener-extension-provider-metal/pkg/apis/metal/helper" "github.com/metal-stack/gardener-extension-provider-metal/pkg/apis/metal/install" metalv1alpha1 "github.com/metal-stack/gardener-extension-provider-metal/pkg/apis/metal/v1alpha1" - "github.com/stretchr/testify/require" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/serializer" "github.com/metal-stack/metal-lib/pkg/pointer" ) @@ -57,8 +58,7 @@ func Test_defaulter_defaultShoot(t *testing.T) { }, } completeCiliumSpec = &ciliumextensionv1alpha1.NetworkConfig{ - Debug: pointer.Pointer(true), - PSPEnabled: pointer.Pointer(true), + Debug: pointer.Pointer(true), KubeProxy: &ciliumextensionv1alpha1.KubeProxy{ ServiceHost: pointer.Pointer("service-host"), ServicePort: pointer.Pointer(int32(1)), @@ -75,8 +75,6 @@ func Test_defaulter_defaultShoot(t *testing.T) { completeShootSpec = &gardenv1beta1.Shoot{ Spec: gardenv1beta1.ShootSpec{ Kubernetes: gardenv1beta1.Kubernetes{ - Version: "1.24.0", - AllowPrivilegedContainers: pointer.Pointer(false), KubeControllerManager: &gardenv1beta1.KubeControllerManagerConfig{ NodeCIDRMaskSize: pointer.Pointer(int32(24)), }, 
@@ -108,16 +106,11 @@ func Test_defaulter_defaultShoot(t *testing.T) {
{
name: "empty spec",
shoot: &gardenv1beta1.Shoot{
- Spec: gardenv1beta1.ShootSpec{
- Kubernetes: gardenv1beta1.Kubernetes{
- Version: "1.24.0",
- },
- },
+ Spec: gardenv1beta1.ShootSpec{},
},
want: &gardenv1beta1.Shoot{
Spec: gardenv1beta1.ShootSpec{
Kubernetes: gardenv1beta1.Kubernetes{
- Version: "1.24.0",
KubeControllerManager: &gardenv1beta1.KubeControllerManagerConfig{
NodeCIDRMaskSize: pointer.Pointer(int32(23)),
},
@@ -148,8 +141,6 @@ func Test_defaulter_defaultShoot(t *testing.T) {
shoot: &gardenv1beta1.Shoot{
Spec: gardenv1beta1.ShootSpec{
Kubernetes: gardenv1beta1.Kubernetes{
- Version: "1.24.0",
- AllowPrivilegedContainers: pointer.Pointer(false),
KubeControllerManager: &gardenv1beta1.KubeControllerManagerConfig{
NodeCIDRMaskSize: pointer.Pointer(int32(24)),
},
@@ -182,8 +173,6 @@ func Test_defaulter_defaultShoot(t *testing.T) {
want: &gardenv1beta1.Shoot{
Spec: gardenv1beta1.ShootSpec{
Kubernetes: gardenv1beta1.Kubernetes{
- Version: "1.24.0",
- AllowPrivilegedContainers: pointer.Pointer(false),
KubeControllerManager: &gardenv1beta1.KubeControllerManagerConfig{
NodeCIDRMaskSize: pointer.Pointer(int32(24)),
},
@@ -219,8 +208,6 @@ func Test_defaulter_defaultShoot(t *testing.T) {
shoot: &gardenv1beta1.Shoot{
Spec: gardenv1beta1.ShootSpec{
Kubernetes: gardenv1beta1.Kubernetes{
- Version: "1.24.0",
- AllowPrivilegedContainers: pointer.Pointer(false),
KubeControllerManager: &gardenv1beta1.KubeControllerManagerConfig{
NodeCIDRMaskSize: pointer.Pointer(int32(24)),
},
@@ -246,8 +233,6 @@ func Test_defaulter_defaultShoot(t *testing.T) {
want: &gardenv1beta1.Shoot{
Spec: gardenv1beta1.ShootSpec{
Kubernetes: gardenv1beta1.Kubernetes{
- Version: "1.24.0",
- AllowPrivilegedContainers: pointer.Pointer(false),
KubeControllerManager: &gardenv1beta1.KubeControllerManagerConfig{
NodeCIDRMaskSize: pointer.Pointer(int32(24)),
},
@@ -295,8 +280,6 @@ func Test_defaulter_defaultShoot(t *testing.T) {
shoot: &gardenv1beta1.Shoot{
Spec: gardenv1beta1.ShootSpec{
Kubernetes: gardenv1beta1.Kubernetes{
- Version: "1.24.0",
- AllowPrivilegedContainers: pointer.Pointer(false),
KubeControllerManager: &gardenv1beta1.KubeControllerManagerConfig{
NodeCIDRMaskSize: pointer.Pointer(int32(24)),
},
@@ -325,8 +308,6 @@ func Test_defaulter_defaultShoot(t *testing.T) {
want: &gardenv1beta1.Shoot{
Spec: gardenv1beta1.ShootSpec{
Kubernetes: gardenv1beta1.Kubernetes{
- Version: "1.24.0",
- AllowPrivilegedContainers: pointer.Pointer(false),
KubeControllerManager: &gardenv1beta1.KubeControllerManagerConfig{
NodeCIDRMaskSize: pointer.Pointer(int32(24)),
},
@@ -356,7 +337,6 @@ func Test_defaulter_defaultShoot(t *testing.T) {
Services: pointer.Pointer("10.248.0.0/18"),
ProviderConfig: &runtime.RawExtension{
Object: &ciliumextensionv1alpha1.NetworkConfig{
- PSPEnabled: pointer.Pointer(true),
Hubble: &ciliumextensionv1alpha1.Hubble{
Enabled: true,
},
diff --git a/pkg/controller/controlplane/valuesprovider.go b/pkg/controller/controlplane/valuesprovider.go
index c0e3b919..dd8457f0 100644
--- a/pkg/controller/controlplane/valuesprovider.go
+++ b/pkg/controller/controlplane/valuesprovider.go
@@ -11,18 +11,17 @@ import (
"strings"
"time"
+ "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
+
"github.com/metal-stack/metal-go/api/client/network"
"github.com/metal-stack/metal-go/api/models"
"github.com/metal-stack/metal-lib/pkg/pointer"
"github.com/metal-stack/metal-lib/pkg/tag"
- "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
durosv1 "github.com/metal-stack/duros-controller/api/v1"
firewallv1 "github.com/metal-stack/firewall-controller/v2/api/v1"
extensionscontroller "github.com/gardener/gardener/extensions/pkg/controller"
- gardencorev1beta1helper "github.com/gardener/gardener/pkg/apis/core/v1beta1/helper"
-
"github.com/gardener/gardener/extensions/pkg/controller/controlplane/genericactuator"
"github.com/metal-stack/gardener-extension-provider-metal/charts"
@@ -37,7 +36,6 @@ import (
appsv1 "k8s.io/api/apps/v1"
corev1 "k8s.io/api/core/v1"
networkingv1 "k8s.io/api/networking/v1"
- policyv1beta1 "k8s.io/api/policy/v1beta1"
rbacv1 "k8s.io/api/rbac/v1"
storagev1 "k8s.io/api/storage/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -169,7 +167,6 @@ var cpShootChart = &chart.Chart{
Objects: []*chart.Object{
// metallb
{Type: &corev1.Namespace{}, Name: "metallb-system"},
- {Type: &policyv1beta1.PodSecurityPolicy{}, Name: "speaker"},
{Type: &corev1.ServiceAccount{}, Name: "controller"},
{Type: &corev1.ServiceAccount{}, Name: "speaker"},
{Type: &rbacv1.ClusterRole{}, Name: "metallb-system:controller"},
@@ -223,7 +220,6 @@ var cpShootChart = &chart.Chart{
// node-init
{Type: &corev1.ServiceAccount{}, Name: "node-init"},
- {Type: &policyv1beta1.PodSecurityPolicy{}, Name: "node-init"},
{Type: &rbacv1.ClusterRole{}, Name: "kube-system:node-init"},
{Type: &rbacv1.ClusterRoleBinding{}, Name: "kube-system:node-init"},
{Type: &appsv1.DaemonSet{}, Name: "node-init"},
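Review bot: The re-homed `"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"` import now forms a group of its own between the stdlib block and the metal-go imports, while the `k8s.io/api/...` imports visible in the second hunk stay in a later group; goimports preserves whatever grouping it finds, so this will not be tidied automatically. Moving that one line down into the kubernetes group keeps the file's existing stdlib / metal-stack / gardener / kubernetes ordering intact. The `import (` block continues outside both import hunks.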
@@ -245,9 +241,6 @@ var storageClassChart = &chart.Chart{
{Type: &corev1.ServiceAccount{}, Name: "csi-lvm-reviver"},
{Type: &rbacv1.Role{}, Name: "csi-lvm-reviver"},
{Type: &rbacv1.RoleBinding{}, Name: "csi-lvm-reviver"},
- {Type: &policyv1beta1.PodSecurityPolicy{}, Name: "csi-lvm-reviver-psp"},
- {Type: &rbacv1.Role{}, Name: "csi-lvm-reviver-psp"},
- {Type: &rbacv1.RoleBinding{}, Name: "csi-lvm-reviver-psp"},
{Type: &appsv1.DaemonSet{}, Name: "csi-lvm-reviver"},
},
}
@@ -390,7 +383,6 @@ func (vp *valuesProvider) GetControlPlaneChartValues(
values := map[string]any{
"imagePullPolicy": helper.ImagePullPolicyFromString(vp.controllerConfig.ImagePullPolicy),
- "pspDisabled": gardencorev1beta1helper.IsPSPDisabled(cluster.Shoot),
"podAnnotations": map[string]interface{}{
"checksum/secret-" + metal.FirewallControllerManagerDeploymentName: checksums[metal.FirewallControllerManagerDeploymentName],
"checksum/secret-cloudprovider": checksums[v1beta1constants.SecretNameCloudProvider],
@@ -613,7 +605,6 @@ func (vp *valuesProvider) getControlPlaneShootChartValues(ctx context.Context, c
values := map[string]any{
"imagePullPolicy": helper.ImagePullPolicyFromString(vp.controllerConfig.ImagePullPolicy),
- "pspDisabled": gardencorev1beta1helper.IsPSPDisabled(cluster.Shoot),
"apiserverIPs": apiserverIPs,
"nodeCIDR": nodeCIDR,
"duros": durosValues,
@@ -699,7 +690,6 @@ func (vp *valuesProvider) GetStorageClassesChartValues(_ context.Context, contro
}
values := map[string]interface{}{
- "pspDisabled": gardencorev1beta1helper.IsPSPDisabled(cluster.Shoot),
"isDefaultStorageClass": isDefaultSC,
}
@@ -744,7 +734,6 @@ func getCCMChartValues(
}
values := map[string]interface{}{
- "pspDisabled": gardencorev1beta1helper.IsPSPDisabled(cluster.Shoot),
"cloudControllerManager": map[string]interface{}{
"replicas": extensionscontroller.GetControlPlaneReplicas(cluster, scaledDown, 1),
"projectID": projectID,
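Review bot: Four `values` literals are edited here but keep two spellings of the same type: `GetControlPlaneChartValues` and `getControlPlaneShootChartValues` use `map[string]any`, while `GetStorageClassesChartValues`, `getCCMChartValues` and the nested `"podAnnotations"` literal still write `map[string]interface{}`. Since the file already uses `any`, changing the remaining literals to `map[string]any{` while these lines are being touched would make the provider read consistently; the same applies to `getStorageControlPlaneChartValues` in the following hunk, whose inner `"duros"` map already uses `any`. All four functions start and end outside their hunks.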
@@ -888,7 +877,6 @@ func getStorageControlPlaneChartValues(ctx context.Context, client client.Client
}
values := map[string]any{
- "pspDisabled": gardencorev1beta1helper.IsPSPDisabled(cluster.Shoot),
"duros": map[string]any{
"enabled": storageConfig.Duros.Enabled,
"replicas": extensionscontroller.GetReplicas(cluster, 1),