diff --git a/apps/base/renovate/kustomization.yaml b/apps/base/renovate/kustomization.yaml
index 68348b99c4e5089d68761c1269439cf3dd0de046..644684573dbb8d35aaeb8046e759966ec9d8ecdd 100644
--- a/apps/base/renovate/kustomization.yaml
+++ b/apps/base/renovate/kustomization.yaml
@@ -7,4 +7,5 @@ resources:
   - release.yaml
 
 components:
-  - ../../../shared/components/flux-namespace-admin
\ No newline at end of file
+  - ../../../shared/components/flux-namespace-admin
+  - ../../../shared/components/namespace-baseline
\ No newline at end of file
diff --git a/apps/base/renovate/namespace.yaml b/apps/base/renovate/namespace.yaml
index 572a3f4db5f3db9c6e94c801f70b4660c2ac0956..ec7c378f13421fd52ac43bda1a01a3e029509b52 100644
--- a/apps/base/renovate/namespace.yaml
+++ b/apps/base/renovate/namespace.yaml
@@ -2,10 +2,3 @@ apiVersion: v1
 kind: Namespace
 metadata:
   name: renovate
-  labels:
-    pod-security.kubernetes.io/audit: restricted
-    pod-security.kubernetes.io/enforce: baseline
-    pod-security.kubernetes.io/warn: restricted
-    pod-security.kubernetes.io/audit-version: v1.26
-    pod-security.kubernetes.io/enforce-version: v1.23
-    pod-security.kubernetes.io/warn-version: v1.26
diff --git a/shared/components/namespace-baseline/kustomization.yaml b/shared/components/namespace-baseline/kustomization.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..e748e75a5dab68574f75253f440fa2f27d1d3d78
--- /dev/null
+++ b/shared/components/namespace-baseline/kustomization.yaml
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+
+patches:
+  - path: namespace.yaml
+    target:
+      kind: Namespace
\ No newline at end of file
diff --git a/shared/components/namespace-baseline/namespace.yaml b/shared/components/namespace-baseline/namespace.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..97788fd6e501f5ae2e633d63d227ea013df465c8
--- /dev/null
+++ b/shared/components/namespace-baseline/namespace.yaml
@@ -0,0 +1,21 @@
+- op: add
+  path: /metadata/labels
+  value: {}
+- op: add
+  path: /metadata/labels/pod-security.kubernetes.io~1audit
+  value: restricted
+- op: add
+  path: /metadata/labels/pod-security.kubernetes.io~1enforce
+  value: baseline
+- op: add
+  path: /metadata/labels/pod-security.kubernetes.io~1warn
+  value: restricted
+- op: add
+  path: /metadata/labels/pod-security.kubernetes.io~1audit-version
+  value: v1.28
+- op: add
+  path: /metadata/labels/pod-security.kubernetes.io~1enforce-version
+  value: v1.28
+- op: add
+  path: /metadata/labels/pod-security.kubernetes.io~1warn-version
+  value: v1.28