From 6a0e8bc29d4279a177ae7a53a17e41cecee9e3c9 Mon Sep 17 00:00:00 2001
From: Paulo Gomes <paulo.gomes@weave.works>
Date: Thu, 20 Jan 2022 10:17:39 +0000
Subject: [PATCH] Enable pod security warnings for flux-system

Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
---
 manifests/install/namespace.yaml     | 2 ++
 pkg/manifestgen/install/templates.go | 3 +++
 2 files changed, 5 insertions(+)

diff --git a/manifests/install/namespace.yaml b/manifests/install/namespace.yaml
index c00a4321ea..6fb0a8f87f 100644
--- a/manifests/install/namespace.yaml
+++ b/manifests/install/namespace.yaml
@@ -2,3 +2,5 @@ apiVersion: v1
 kind: Namespace
 metadata:
   name: flux-system
+    pod-security.kubernetes.io/warn: restricted
+    pod-security.kubernetes.io/warn-version: latest
diff --git a/pkg/manifestgen/install/templates.go b/pkg/manifestgen/install/templates.go
index 8cdce3193d..ac47cf27aa 100644
--- a/pkg/manifestgen/install/templates.go
+++ b/pkg/manifestgen/install/templates.go
@@ -165,6 +165,9 @@ apiVersion: v1
 kind: Namespace
 metadata:
   name: {{.Namespace}}
+  labels:
+    pod-security.kubernetes.io/warn: restricted
+    pod-security.kubernetes.io/warn-version: latest
 `
 
 func execTemplate(obj interface{}, tmpl, filename string) error {