set default namespace values

awgreene · awgreene · commit 8aa4e29f0f6b · 2022-12-13T17:35:39.000-08:00
diff --git a/deploy/chart/templates/0000_50_olm_00-namespace.yaml b/deploy/chart/templates/0000_50_olm_00-namespace.yaml
@@ -6,6 +6,8 @@ metadata:
     {{- if .Values.namespace_psa }}
     pod-security.kubernetes.io/enforce: {{ .Values.namespace_psa.enforceLevel }}
     pod-security.kubernetes.io/enforce-version: {{ .Values.namespace_psa.enforceVersion }}
+    pod-security.kubernetes.io/audit: restricted
+    pod-security.kubernetes.io/warn: restricted
     {{- end }}
 
 ---
@@ -17,4 +19,6 @@ metadata:
     {{- if .Values.operator_namespace_psa }}
     pod-security.kubernetes.io/enforce: {{ .Values.operator_namespace_psa.enforceLevel }}
     pod-security.kubernetes.io/enforce-version: {{ .Values.operator_namespace_psa.enforceVersion }}
+    pod-security.kubernetes.io/audit: restricted
+    pod-security.kubernetes.io/warn: restricted
     {{- end }}
diff --git a/deploy/chart/values.yaml b/deploy/chart/values.yaml
@@ -2,7 +2,7 @@ rbacApiVersion: rbac.authorization.k8s.io
 namespace: operator-lifecycle-manager
 # see https://kubernetes.io/docs/concepts/security/pod-security-admission/ for more details
 namespace_psa: 
-  enforceLevel: restricted
+  enforceLevel: baseline
   enforceVersion: latest
 catalog_namespace: operator-lifecycle-manager
 operator_namespace: operators
