diff --git a/apps/base/forecastle/namespace.yaml b/apps/base/forecastle/namespace.yaml
index d44f877d726eddfa9be99379d9d3df6185f0eb22..9bc83d70682e7a3b60534b29afb08204876e5643 100644
--- a/apps/base/forecastle/namespace.yaml
+++ b/apps/base/forecastle/namespace.yaml
@@ -6,9 +6,9 @@ metadata:
     pod-security.kubernetes.io/audit: restricted
     pod-security.kubernetes.io/enforce: baseline
     pod-security.kubernetes.io/warn: restricted
-    pod-security.kubernetes.io/audit-version: latest
-    pod-security.kubernetes.io/enforce-version: latest
-    pod-security.kubernetes.io/warn-version: latest
+    pod-security.kubernetes.io/audit-version: 1.23
+    pod-security.kubernetes.io/enforce-version: 1.23
+    pod-security.kubernetes.io/warn-version: 1.23
 ---
 apiVersion: v1
 kind: ServiceAccount
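Review bot: The three `*-version` values on the added lines are written as bare `1.23`, which a YAML parser reads as a float, while Kubernetes label values must be strings, so the manifest is likely to be rejected when it is applied. Pod Security Admission also expects the version to be `latest` or a minor version with a leading `v`, so the value should read `pod-security.kubernetes.io/enforce-version: "v1.23"`, and likewise for `audit-version` and `warn-version`. The same unquoted value appears in every other hunk of this diff, including the `renovate` hunk, where the quotes that were present are removed. Pinning also freezes the checks at that release, so a short comment naming the cluster version the pin tracks would help whoever bumps it later.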
diff --git a/apps/base/gitlab-runner/namespace.yaml b/apps/base/gitlab-runner/namespace.yaml
index a0ad4cacd7b18d7becf07bdea3603fcffcdfd89a..8398786935e17c2565efcd10d2af4e3adafc35b2 100644
--- a/apps/base/gitlab-runner/namespace.yaml
+++ b/apps/base/gitlab-runner/namespace.yaml
@@ -3,7 +3,12 @@ kind: Namespace
 metadata:
   name: gitlab-runner
   labels:
-    name: gitlab-runner
+    pod-security.kubernetes.io/audit: restricted
+    pod-security.kubernetes.io/enforce: baseline
+    pod-security.kubernetes.io/warn: restricted
+    pod-security.kubernetes.io/audit-version: 1.23
+    pod-security.kubernetes.io/enforce-version: 1.23
+    pod-security.kubernetes.io/warn-version: 1.23
 ---
 apiVersion: v1
 kind: ServiceAccount
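Review bot: The `name: gitlab-runner` label is dropped here rather than kept alongside the new Pod Security labels, and the same happens in the `goharbor`, `matrix`, `nextcloud`, `dns`, `hcloud-dynfw` and `nas` hunks. If any NetworkPolicy `namespaceSelector` or other selector in the repository matches on `name: <namespace>`, it will silently stop matching once this is applied, which can either open or cut traffic depending on the rule. The diff does not show those selectors, so please check them before merging. Either keep the `name:` line or move the selectors to the `kubernetes.io/metadata.name` label that the API server sets on every namespace.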
diff --git a/apps/base/goharbor/namespace.yaml b/apps/base/goharbor/namespace.yaml
index 7134d5dd11fd6cb52e7242af9a7e5cf60026f04a..294a1d410069b28af0a18500b8efb73dacd50891 100644
--- a/apps/base/goharbor/namespace.yaml
+++ b/apps/base/goharbor/namespace.yaml
@@ -3,7 +3,12 @@ kind: Namespace
 metadata:
   name: goharbor
   labels:
-    name: goharbor
+    pod-security.kubernetes.io/audit: restricted
+    pod-security.kubernetes.io/enforce: baseline
+    pod-security.kubernetes.io/warn: restricted
+    pod-security.kubernetes.io/audit-version: 1.23
+    pod-security.kubernetes.io/enforce-version: 1.23
+    pod-security.kubernetes.io/warn-version: 1.23
 ---
 apiVersion: v1
 kind: ServiceAccount
diff --git a/apps/base/iot/namespace.yaml b/apps/base/iot/namespace.yaml
index cca0186356ad7079ba39c3a35907fc3bdb66522e..5ac0d3fb9b89ba6d11f3aaa410c4bf48b6f226de 100644
--- a/apps/base/iot/namespace.yaml
+++ b/apps/base/iot/namespace.yaml
@@ -6,9 +6,9 @@ metadata:
     pod-security.kubernetes.io/audit: restricted
     pod-security.kubernetes.io/enforce: baseline
     pod-security.kubernetes.io/warn: restricted
-    pod-security.kubernetes.io/audit-version: latest
-    pod-security.kubernetes.io/enforce-version: latest
-    pod-security.kubernetes.io/warn-version: latest
+    pod-security.kubernetes.io/audit-version: 1.23
+    pod-security.kubernetes.io/enforce-version: 1.23
+    pod-security.kubernetes.io/warn-version: 1.23
 ---
 apiVersion: v1
 kind: ServiceAccount
diff --git a/apps/base/keycloak/namespace.yaml b/apps/base/keycloak/namespace.yaml
index cd23ac328baee49ea8ca102513754e8ad054dd97..81987e97b7ff92701af2f1f839b697888f8b7506 100644
--- a/apps/base/keycloak/namespace.yaml
+++ b/apps/base/keycloak/namespace.yaml
@@ -2,6 +2,13 @@ apiVersion: v1
 kind: Namespace
 metadata:
   name: keycloak
+  labels:
+    pod-security.kubernetes.io/audit: restricted
+    pod-security.kubernetes.io/enforce: baseline
+    pod-security.kubernetes.io/warn: restricted
+    pod-security.kubernetes.io/audit-version: 1.23
+    pod-security.kubernetes.io/enforce-version: 1.23
+    pod-security.kubernetes.io/warn-version: 1.23
 ---
 apiVersion: v1
 kind: ServiceAccount
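Review bot: `enforce: baseline` is switched on here for a namespace that previously had no Pod Security labels, and the diff shows no sign that the running workloads were checked against the profile. The same applies to `mail` and to the namespaces whose `name:` label is replaced. Enforcement does not evict existing pods, but any new or restarted pod that needs host namespaces, hostPath volumes, privileged mode or added capabilities will be rejected at admission. A server-side dry run of the label change (`kubectl label --dry-run=server --overwrite ns keycloak pod-security.kubernetes.io/enforce=baseline`) lists the violating pods before the change lands. Rolling out with `warn` and `audit` only and adding `enforce` in a follow-up is the lower-risk order.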
diff --git a/apps/base/mail/namespace.yaml b/apps/base/mail/namespace.yaml
index a0a4c8db81fc30c1bd122d13862676c026baa286..0f83674f6b9e71c79a2c54220c6e00300583aa49 100644
--- a/apps/base/mail/namespace.yaml
+++ b/apps/base/mail/namespace.yaml
@@ -2,6 +2,13 @@ apiVersion: v1
 kind: Namespace
 metadata:
   name: mail
+  labels:
+    pod-security.kubernetes.io/audit: restricted
+    pod-security.kubernetes.io/enforce: baseline
+    pod-security.kubernetes.io/warn: restricted
+    pod-security.kubernetes.io/audit-version: 1.23
+    pod-security.kubernetes.io/enforce-version: 1.23
+    pod-security.kubernetes.io/warn-version: 1.23
 ---
 apiVersion: v1
 kind: ServiceAccount
diff --git a/apps/base/matrix/namespace.yaml b/apps/base/matrix/namespace.yaml
index 835044fb48bf6f36cc9e1089e39c4cd2154d6b94..100984ff9629a5e22b4a4a5a68ed88eb833c3233 100644
--- a/apps/base/matrix/namespace.yaml
+++ b/apps/base/matrix/namespace.yaml
@@ -3,7 +3,12 @@ kind: Namespace
 metadata:
   name: matrix
   labels:
-    name: matrix
+    pod-security.kubernetes.io/audit: restricted
+    pod-security.kubernetes.io/enforce: baseline
+    pod-security.kubernetes.io/warn: restricted
+    pod-security.kubernetes.io/audit-version: 1.23
+    pod-security.kubernetes.io/enforce-version: 1.23
+    pod-security.kubernetes.io/warn-version: 1.23
 ---
 apiVersion: v1
 kind: ServiceAccount
diff --git a/apps/base/nextcloud/namespace.yaml b/apps/base/nextcloud/namespace.yaml
index 78e9fd1cb1093d5a15dcf9ec282d48389ea2cd19..f996b257d37bb3086cf22d3afdf2e39327b56efa 100644
--- a/apps/base/nextcloud/namespace.yaml
+++ b/apps/base/nextcloud/namespace.yaml
@@ -3,7 +3,12 @@ kind: Namespace
 metadata:
   name: nextcloud
   labels:
-    name: nextcloud
+    pod-security.kubernetes.io/audit: restricted
+    pod-security.kubernetes.io/enforce: baseline
+    pod-security.kubernetes.io/warn: restricted
+    pod-security.kubernetes.io/audit-version: 1.23
+    pod-security.kubernetes.io/enforce-version: 1.23
+    pod-security.kubernetes.io/warn-version: 1.23
 ---
 apiVersion: v1
 kind: ServiceAccount
diff --git a/apps/base/renovate/namespace.yaml b/apps/base/renovate/namespace.yaml
index c4c9e233fe0a281c3e78382ad3b9b6766b8b2152..2b029c2783486da46482b1586b569f04aa0c431d 100644
--- a/apps/base/renovate/namespace.yaml
+++ b/apps/base/renovate/namespace.yaml
@@ -3,12 +3,12 @@ kind: Namespace
 metadata:
   name: renovate
   labels:
-    pod-security.kubernetes.io/audit: "restricted"
-    pod-security.kubernetes.io/audit-version: "latest"
-    pod-security.kubernetes.io/enforce: "restricted"
-    pod-security.kubernetes.io/enforce-version: "latest"
-    pod-security.kubernetes.io/warn: "restricted"
-    pod-security.kubernetes.io/warn-version: "latest"
+    pod-security.kubernetes.io/audit: restricted
+    pod-security.kubernetes.io/enforce: baseline
+    pod-security.kubernetes.io/warn: restricted
+    pod-security.kubernetes.io/audit-version: 1.23
+    pod-security.kubernetes.io/enforce-version: 1.23
+    pod-security.kubernetes.io/warn-version: 1.23
 ---
 apiVersion: v1
 kind: ServiceAccount
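Review bot: The `enforce` level for `renovate` drops from `"restricted"` to `baseline` in this hunk, which weakens the namespace rather than just aligning label formatting. Under `baseline`, pods may run as root, keep the default capability set and omit a seccomp profile, all of which `restricted` blocked at admission. If the downgrade is intentional, say why in the commit message. Otherwise keep `pod-security.kubernetes.io/enforce: "restricted"` and change only the version labels.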
diff --git a/apps/k8s01/dns/namespace.yaml b/apps/k8s01/dns/namespace.yaml
index fdd106b0c38eb9c70a6b5993167fea7eab7e2a94..f1c051be155f7676ed962c35cde9dc0632fd75a4 100644
--- a/apps/k8s01/dns/namespace.yaml
+++ b/apps/k8s01/dns/namespace.yaml
@@ -3,4 +3,9 @@ kind: Namespace
 metadata:
   name: dns
   labels:
-    name: dns
+    pod-security.kubernetes.io/audit: restricted
+    pod-security.kubernetes.io/enforce: baseline
+    pod-security.kubernetes.io/warn: restricted
+    pod-security.kubernetes.io/audit-version: 1.23
+    pod-security.kubernetes.io/enforce-version: 1.23
+    pod-security.kubernetes.io/warn-version: 1.23
diff --git a/apps/k8s01/hcloud-dynfw/namespace.yaml b/apps/k8s01/hcloud-dynfw/namespace.yaml
index 811901e78fd9e5504bb55773f9de9e2c99cec5cb..473b6890051cd4d0d215a9a6d1d6d215f0477143 100644
--- a/apps/k8s01/hcloud-dynfw/namespace.yaml
+++ b/apps/k8s01/hcloud-dynfw/namespace.yaml
@@ -3,4 +3,9 @@ kind: Namespace
 metadata:
   name: hcloud-dynfw
   labels:
-    name: hcloud-dynfw
+    pod-security.kubernetes.io/audit: restricted
+    pod-security.kubernetes.io/enforce: baseline
+    pod-security.kubernetes.io/warn: restricted
+    pod-security.kubernetes.io/audit-version: 1.23
+    pod-security.kubernetes.io/enforce-version: 1.23
+    pod-security.kubernetes.io/warn-version: 1.23
diff --git a/apps/k8s01/nas/namespace.yaml b/apps/k8s01/nas/namespace.yaml
index 0a2fde392fb2bce491fac630c4268a8cf99c8685..42c732ad1ee3f4a829528b9956d52e502cd8a295 100644
--- a/apps/k8s01/nas/namespace.yaml
+++ b/apps/k8s01/nas/namespace.yaml
@@ -3,4 +3,9 @@ kind: Namespace
 metadata:
   name: nas
   labels:
-    name: nas
+    pod-security.kubernetes.io/audit: restricted
+    pod-security.kubernetes.io/enforce: baseline
+    pod-security.kubernetes.io/warn: restricted
+    pod-security.kubernetes.io/audit-version: 1.23
+    pod-security.kubernetes.io/enforce-version: 1.23
+    pod-security.kubernetes.io/warn-version: 1.23
diff --git a/clusters/k8s01/flux-system/gotk-components.yaml b/clusters/k8s01/flux-system/gotk-components.yaml
index 0f286ac78ad813f7e8cfee1888e2d2e793d571d0..269475b70e872b951f896b471281b3c9778164a4 100644
--- a/clusters/k8s01/flux-system/gotk-components.yaml
+++ b/clusters/k8s01/flux-system/gotk-components.yaml
@@ -10,7 +10,7 @@ metadata:
     app.kubernetes.io/part-of: flux
     app.kubernetes.io/version: v0.35.0
     pod-security.kubernetes.io/warn: restricted
-    pod-security.kubernetes.io/warn-version: latest
+    pod-security.kubernetes.io/warn-version: 1.23
   name: flux-system
 ---
 apiVersion: apiextensions.k8s.io/v1