A workload (pod, deployment, daemonset, ...) was created in namespace "openshift-nfs-provisioner" but it did not match the PodSecurity "restricted" profile defined by its namespace either via the cluster-wide configuration (which triggers on a "restricted" profile violations) or by the namespace local Pod Security labels. Refer to Kubernetes documentation on Pod Security Admission to learn more about these violations.