diff --git a/apps/base/goharbor/namespace.yaml b/apps/base/goharbor/namespace.yaml
index 15df40ed4d0f5d6abb615b64d3b96cd428196022..2bc10b0062c99a0ffa694fc691fb11fb49396156 100644
--- a/apps/base/goharbor/namespace.yaml
+++ b/apps/base/goharbor/namespace.yaml
@@ -4,6 +4,7 @@ metadata:
   name: goharbor
   labels:
     name: goharbor
+    pod-security.kubernetes.io/audit: restricted
 ---
 apiVersion: v1
 kind: ServiceAccount
diff --git a/apps/base/matrix/namespace.yaml b/apps/base/matrix/namespace.yaml
index c839643f507d5f9fa5a7085e20ab2decb6ca5f91..6808781d7cdcdc1fc390f76124a09597d4e75766 100644
--- a/apps/base/matrix/namespace.yaml
+++ b/apps/base/matrix/namespace.yaml
@@ -4,6 +4,7 @@ metadata:
   name: matrix
   labels:
     name: matrix
+    pod-security.kubernetes.io/audit: restricted
 ---
 apiVersion: v1
 kind: ServiceAccount
diff --git a/infrastructure/nginx-system/release.yaml b/infrastructure/nginx-system/release.yaml
index 7ec491cdfdd97e4dae94e5ac1db58ff7073a45a7..95fd8c8f9c90266b558910875141d8a11582765b 100644
--- a/infrastructure/nginx-system/release.yaml
+++ b/infrastructure/nginx-system/release.yaml
@@ -46,6 +46,10 @@ data:
         hsts-include-subdomains: false
         enable-brotli: "true"
         use-http2: "true"
+      dnsConfig:
+        options:
+          - name: ndots
+            value: "1"
       replicaCount: 2
       minAvailable: 1
       resources: