From b82140d4c9209965dd1f9991e5b51673bf0abac0 Mon Sep 17 00:00:00 2001
From: auricom <27022259+auricom@users.noreply.github.com>
Date: Fri, 30 Dec 2022 04:09:02 +0100
Subject: [PATCH] =?UTF-8?q?=F0=9F=9A=91=20rook-ceph=20pod-security?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 kubernetes/apps/rook-ceph/namespace.yaml | 2 ++
 tools/wipe-rook.yaml | 11 +++++++++++
 2 files changed, 13 insertions(+)
diff --git a/kubernetes/apps/rook-ceph/namespace.yaml b/kubernetes/apps/rook-ceph/namespace.yaml
index 4f4d74a80..dea2828b2 100644
--- a/kubernetes/apps/rook-ceph/namespace.yaml
+++ b/kubernetes/apps/rook-ceph/namespace.yaml
@@ -5,3 +5,5 @@ metadata:
 name: rook-ceph
 labels:
 kustomize.toolkit.fluxcd.io/prune: disabled
+ pod-security.kubernetes.io/enforce: privileged
+ pod-security.kubernetes.io/enforce-version: latest
diff --git a/tools/wipe-rook.yaml b/tools/wipe-rook.yaml
index acd4ad9f2..193aa760a 100644
--- a/tools/wipe-rook.yaml
+++ b/tools/wipe-rook.yaml
@@ -1,8 +1,17 @@
 ---
 apiVersion: v1
+kind: Namespace
+metadata:
+ name: my-privileged-namespace
+ labels:
+ pod-security.kubernetes.io/enforce: privileged
+ pod-security.kubernetes.io/enforce-version: latest
+---
+apiVersion: v1
 kind: Pod
 metadata:
 name: disk-wipe-talos-node-2
+ namespace: my-privileged-namespace
 spec:
 restartPolicy: Never
 nodeName: talos-node-2
@@ -35,6 +44,7 @@ apiVersion: v1
 kind: Pod
 metadata:
 name: disk-wipe-talos-node-3
+ namespace: my-privileged-namespace
 spec:
 restartPolicy: Never
 nodeName: talos-node-3
@@ -67,6 +77,7 @@ apiVersion: v1
 kind: Pod
 metadata:
 name: disk-wipe-talos-node-4
+ namespace: my-privileged-namespace
 spec:
 restartPolicy: Never
 nodeName: talos-node-4
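Review bot: The `pod-security.kubernetes.io/enforce: privileged` label added to the rook-ceph namespace turns off Pod Security admission checks for every pod created there, not only the storage daemons, and the hunk carries no comment saying why. A line above the two new labels such as `# PSA exemption is namespace-wide: storage pods here need host/device access` would record the reason (presumably Rook's host-device requirements; confirm against the operator's docs). Because the privileged level applies no restrictions, `enforce-version: latest` has no practical effect here. Adding `pod-security.kubernetes.io/audit: baseline` would at least record in the audit log which pods exceed the baseline profile. With enforcement off, RBAC on pod creation in this namespace is the remaining control, and it is not visible in this patch.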
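Review bot: The Namespace `my-privileged-namespace` added at the top of tools/wipe-rook.yaml is created with `enforce: privileged` for what looks like a one-off wipe job, but nothing removes it afterwards. It will keep admitting privileged pods after the `restartPolicy: Never` pods have finished. The name also reads like a documentation placeholder. A purpose-specific name such as `disk-wipe` would be clearer, applied here and to the `namespace:` lines added in the node-2, node-3 and node-4 pods. A header comment like `# temporary: delete this namespace once the wipe pods have completed` would make the cleanup step explicit. The pod specs continue outside these hunks, so whether the containers actually request privileged mode cannot be confirmed from the patch.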