From 494a27ea6b6816943c4e8c8b5ba70af54fd9439f Mon Sep 17 00:00:00 2001
From: Marco van Zijl <marco@mvzijl.nl>
Date: Sat, 8 Nov 2025 20:08:19 +0100
Subject: [PATCH] Add namespace configuration with security labels for Talos

---
 apps/ceph/operator/values.yaml | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/apps/ceph/operator/values.yaml b/apps/ceph/operator/values.yaml
index acc6440..d2ae365 100644
--- a/apps/ceph/operator/values.yaml
+++ b/apps/ceph/operator/values.yaml
@@ -22,3 +22,14 @@ rook-ceph:
     limits:
       cpu: 500m
       memory: 512Mi
+
+# Ensure namespace has proper labels for Talos
+extraObjects:
+  - apiVersion: v1
+    kind: Namespace
+    metadata:
+      name: rook-ceph
+      labels:
+        pod-security.kubernetes.io/enforce: privileged
+        pod-security.kubernetes.io/audit: privileged
+        pod-security.kubernetes.io/warn: privileged