diff --git a/pkg/security/podsecuritypolicy/seccomp/BUILD b/pkg/security/podsecuritypolicy/seccomp/BUILD
index bce686a3621..a3b99b53ff3 100644
--- a/pkg/security/podsecuritypolicy/seccomp/BUILD
+++ b/pkg/security/podsecuritypolicy/seccomp/BUILD
@@ -13,6 +13,7 @@ go_library(
     deps = [
         "//pkg/api/pod:go_default_library",
         "//pkg/apis/core:go_default_library",
+        "//staging/src/k8s.io/api/core/v1:go_default_library",
         "//staging/src/k8s.io/apimachinery/pkg/util/validation/field:go_default_library",
     ],
 )
diff --git a/pkg/security/podsecuritypolicy/seccomp/strategy.go b/pkg/security/podsecuritypolicy/seccomp/strategy.go
index 5fee30cb1f4..a9cfa421611 100644
--- a/pkg/security/podsecuritypolicy/seccomp/strategy.go
+++ b/pkg/security/podsecuritypolicy/seccomp/strategy.go
@@ -20,6 +20,7 @@ import (
 	"fmt"
 	"strings"
 
+	v1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/util/validation/field"
 	podutil "k8s.io/kubernetes/pkg/api/pod"
 	api "k8s.io/kubernetes/pkg/apis/core"
@@ -67,6 +68,15 @@ func NewStrategy(pspAnnotations map[string]string) Strategy {
 				allowAnyProfile = true
 				continue
 			}
+			// With the graduation of seccomp to GA we automatically convert
+			// the deprecated seccomp profile annotation `docker/default` to
+			// `runtime/default`. This means that we now have to automatically
+			// allow `runtime/default` if a user specifies `docker/default` and
+			// vice versa in a PSP.
+			if p == v1.DeprecatedSeccompProfileDockerDefault || p == v1.SeccompProfileRuntimeDefault {
+				allowedProfiles[v1.SeccompProfileRuntimeDefault] = true
+				allowedProfiles[v1.DeprecatedSeccompProfileDockerDefault] = true
+			}
 			allowedProfiles[p] = true
 		}
 	}
diff --git a/pkg/security/podsecuritypolicy/seccomp/strategy_test.go b/pkg/security/podsecuritypolicy/seccomp/strategy_test.go
index 4ecfc325084..1f93ee3593e 100644
--- a/pkg/security/podsecuritypolicy/seccomp/strategy_test.go
+++ b/pkg/security/podsecuritypolicy/seccomp/strategy_test.go
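Review bot: The new branch in NewStrategy makes `runtime/default` and `docker/default` interchangeable in a PSP allowlist, which widens admission for every existing PSP that deliberately listed only one of them, and nothing in the hunk records that for policy authors; the exported `AllowedProfilesAnnotationKey` doc (outside this hunk) is where a PSP reader would look, so I would add there `// docker/default and runtime/default are treated as aliases: listing either one allows both.` The justification in the added comment — that the deprecated annotation is converted to `runtime/default` with the GA graduation — is what makes the alias safe, so it is worth confirming that the conversion applies on every path that consumes the pod annotation; if a node were still to pass `docker/default` through unconverted, a `runtime/default`-only PSP would no longer constrain which of the two the runtime applies. On style, `allowedProfiles[p] = true` below the branch is now redundant for these two values, so either a `continue` after the two assignments or folding the loop body into a `switch p` with a `case "*"`, a `case` for the two aliases, and a `default:` would make the three cases read as one. NewStrategy continues outside the hunk.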
@@ -21,7 +21,7 @@ import (
 	"strings"
 	"testing"
 
-	"k8s.io/api/core/v1"
+	v1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	api "k8s.io/kubernetes/pkg/apis/core"
 )
@@ -45,6 +45,12 @@ var (
 	allowSpecificLocalhost = map[string]string{
 		AllowedProfilesAnnotationKey: v1.SeccompLocalhostProfileNamePrefix + "foo",
 	}
+	allowSpecificDockerDefault = map[string]string{
+		AllowedProfilesAnnotationKey: v1.DeprecatedSeccompProfileDockerDefault,
+	}
+	allowSpecificRuntimeDefault = map[string]string{
+		AllowedProfilesAnnotationKey: v1.SeccompProfileRuntimeDefault,
+	}
 )
 
 func TestNewStrategy(t *testing.T) {
@@ -256,6 +262,20 @@ func TestValidatePod(t *testing.T) {
 			},
 			expectedError: "",
 		},
+		"docker/default PSP annotation automatically allows runtime/default pods": {
+			pspAnnotations: allowSpecificDockerDefault,
+			podAnnotations: map[string]string{
+				api.SeccompPodAnnotationKey: v1.SeccompProfileRuntimeDefault,
+			},
+			expectedError: "",
+		},
+		"runtime/default PSP annotation automatically allows docker/default pods": {
+			pspAnnotations: allowSpecificRuntimeDefault,
+			podAnnotations: map[string]string{
+				api.SeccompPodAnnotationKey: v1.DeprecatedSeccompProfileDockerDefault,
+			},
+			expectedError: "",
+		},
 	}
 	for k, v := range tests {
 		pod := &api.Pod{
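Review bot: The two new TestValidatePod cases only exercise the pod-level annotation (`api.SeccompPodAnnotationKey`), while the alias has to hold for the per-container seccomp annotation too, which ValidatePod appears to check as well given the `podutil` import in strategy.go; if the test table carries container annotations, a case with a container set to `v1.DeprecatedSeccompProfileDockerDefault` under `allowSpecificRuntimeDefault` would pin that path. A negative case is also worth adding unless one already exists above the hunk: `allowSpecificRuntimeDefault` with a pod annotation of `unconfined` (or `v1.SeccompLocalhostProfileNamePrefix + "foo"`) should still yield a non-empty `expectedError`, which shows the alias widened the allowlist to exactly the two names and nothing else. TestValidatePod's table and its loop continue outside the hunk.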