diff --git a/apps/base/forecastle/kustomization.yaml b/apps/base/forecastle/kustomization.yaml
index 6969d8b913ab7d309a845346d171249f050f26aa..0c988e077090d1cad353e1e19d07a0951bd9a31a 100644
--- a/apps/base/forecastle/kustomization.yaml
+++ b/apps/base/forecastle/kustomization.yaml
@@ -7,5 +7,10 @@ resources:
   - release.yaml
   - ../../../shared/networkpolicies/allow-from-same-namespace.yaml
   - ../../../shared/networkpolicies/allow-from-ingress.yaml
-patchesStrategicMerge:
-  - networkpolicy.yaml
+
+commonLabels:
+  app: forecastle
+
+components:
+  - ../../../shared/components/flux-namespace-admin
+  - ../../../shared/components/namespace-baseline
\ No newline at end of file
diff --git a/apps/base/forecastle/namespace.yaml b/apps/base/forecastle/namespace.yaml
index e64cf34a069e8e3f4ced7cd8e9488e28bfef28c5..e154a059ddcd1215fa76783aa6cb0cb14c35ac2c 100644
--- a/apps/base/forecastle/namespace.yaml
+++ b/apps/base/forecastle/namespace.yaml
@@ -2,30 +2,3 @@ apiVersion: v1
 kind: Namespace
 metadata:
   name: forecastle
-  labels:
-    pod-security.kubernetes.io/audit: restricted
-    pod-security.kubernetes.io/enforce: baseline
-    pod-security.kubernetes.io/warn: restricted
-    pod-security.kubernetes.io/audit-version: v1.26
-    pod-security.kubernetes.io/enforce-version: v1.23
-    pod-security.kubernetes.io/warn-version: v1.26
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: flux-reconciler
-  namespace: forecastle
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: flux-reconciler
-  namespace: forecastle
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: admin
-subjects:
-  - kind: ServiceAccount
-    name: flux-reconciler
-    namespace: forecastle
diff --git a/apps/base/forecastle/networkpolicy.yaml b/apps/base/forecastle/networkpolicy.yaml
deleted file mode 100644
index c21414a42b1dd5afcd68f30593cc778efcee5236..0000000000000000000000000000000000000000
--- a/apps/base/forecastle/networkpolicy.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
-  name: allow-from-ingress
-spec:
-  podSelector:
-    matchLabels:
-      app: forecastle
diff --git a/apps/base/forecastle/release.yaml b/apps/base/forecastle/release.yaml
index d766de55f229ed52fb7d170333d998edd1373a2a..618a5155c2617276b81dfb466e8b6b7de52f971d 100644
--- a/apps/base/forecastle/release.yaml
+++ b/apps/base/forecastle/release.yaml
@@ -3,6 +3,8 @@ kind: HelmRelease
 metadata:
   name: forecastle
   namespace: forecastle
+  annotations:
+    flux-namespace-admin.kustomize.si-infra.de/exclude-helmrelease: "true"
 spec:
   timeout: 15m
   releaseName: forecastle