Add pod security labels to managed namespace for Rook-Ceph

2025-11-08 20:13:13 +01:00 · 2025-11-08 20:13:13 +01:00 · 6094ec5247
commit 6094ec5247
parent a851391af3
2 changed files with 5 additions and 11 deletions
--- a/apps/ceph/operator/application.yaml
+++ b/apps/ceph/operator/application.yaml
@ -27,3 +27,8 @@ spec:
    syncOptions:
      - CreateNamespace=true
      - ServerSideApply=true
+    managedNamespaceMetadata:
+      labels:
+        pod-security.kubernetes.io/enforce: privileged
+        pod-security.kubernetes.io/audit: privileged
+        pod-security.kubernetes.io/warn: privileged
--- a/apps/ceph/operator/values.yaml
+++ b/apps/ceph/operator/values.yaml
@ -22,14 +22,3 @@ rook-ceph:
    limits:
      cpu: 500m
      memory: 512Mi
-
-  # Ensure namespace has proper labels for Talos
-  extraObjects:
-    - apiVersion: v1
-      kind: Namespace
-      metadata:
-        name: rook-ceph
-        labels:
-          pod-security.kubernetes.io/enforce: privileged
-          pod-security.kubernetes.io/audit: privileged
-          pod-security.kubernetes.io/warn: privileged