From 911d57dfde9ef08d63d62e09a07a89c98feb2982 Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Mon, 17 Oct 2022 11:54:25 +0200
Subject: [PATCH] fix(apps): Relax Pod Security Standards a bit to ease
 transition

This patch resolves some downtime of forecastle and oauth pods, after
enforcing the new Pod Security Standards. Given that restricted requires
explicit definition of a lot of fields, this shall be sorted ober time,
and not on the Spot.

References:
https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline
---
 apps/base/forecastle/namespace.yaml | 2 +-
 apps/base/iot/namespace.yaml        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/apps/base/forecastle/namespace.yaml b/apps/base/forecastle/namespace.yaml
index b7c41132d..d44f877d7 100644
--- a/apps/base/forecastle/namespace.yaml
+++ b/apps/base/forecastle/namespace.yaml
@@ -4,7 +4,7 @@ metadata:
   name: forecastle
   labels:
     pod-security.kubernetes.io/audit: restricted
-    pod-security.kubernetes.io/enforce: restricted
+    pod-security.kubernetes.io/enforce: baseline
     pod-security.kubernetes.io/warn: restricted
     pod-security.kubernetes.io/audit-version: latest
     pod-security.kubernetes.io/enforce-version: latest
diff --git a/apps/base/iot/namespace.yaml b/apps/base/iot/namespace.yaml
index f3bc2f19f..cca018635 100644
--- a/apps/base/iot/namespace.yaml
+++ b/apps/base/iot/namespace.yaml
@@ -4,7 +4,7 @@ metadata:
   name: iot
   labels:
     pod-security.kubernetes.io/audit: restricted
-    pod-security.kubernetes.io/enforce: restricted
+    pod-security.kubernetes.io/enforce: baseline
     pod-security.kubernetes.io/warn: restricted
     pod-security.kubernetes.io/audit-version: latest
     pod-security.kubernetes.io/enforce-version: latest
-- 
GitLab