diff --git a/bootstrap/calico/namespace.yaml b/bootstrap/calico/namespace.yaml
index 65f8e79629eef7f56c6c40651bc408eceba28c51..63f92a7b7c0444bc65bbeb0fb35f1ba964766887 100644
--- a/bootstrap/calico/namespace.yaml
+++ b/bootstrap/calico/namespace.yaml
@@ -7,3 +7,6 @@ metadata:
     pod-security.kubernetes.io/enforce: privileged
     pod-security.kubernetes.io/audit: privileged
     pod-security.kubernetes.io/warn: privileged
+    pod-security.kubernetes.io/audit-version: 1.23
+    pod-security.kubernetes.io/enforce-version: 1.23
+    pod-security.kubernetes.io/warn-version: 1.23
diff --git a/infrastructure/cert-manager/namespace.yaml b/infrastructure/cert-manager/namespace.yaml
index 4555234eaea60f61402eef9f6ab7ea46f34ee1e5..410ae335923f6482868d9b3cb26002d9f5324bad 100644
--- a/infrastructure/cert-manager/namespace.yaml
+++ b/infrastructure/cert-manager/namespace.yaml
@@ -3,5 +3,10 @@ kind: Namespace
 metadata:
   name: cert-manager
   labels:
-    name: cert-manager
+    pod-security.kubernetes.io/audit: restricted
+    pod-security.kubernetes.io/enforce: baseline
+    pod-security.kubernetes.io/warn: restricted
+    pod-security.kubernetes.io/audit-version: 1.23
+    pod-security.kubernetes.io/enforce-version: 1.23
+    pod-security.kubernetes.io/warn-version: 1.23
     kyverno.shivering-isles.com/class: "system"
diff --git a/infrastructure/drivers/namespace.yaml b/infrastructure/drivers/namespace.yaml
index 09f50de0c086f576d0fd805493ffd5b424004063..68fe0593c7e3976cae1f82aa75473525087f6a06 100644
--- a/infrastructure/drivers/namespace.yaml
+++ b/infrastructure/drivers/namespace.yaml
@@ -3,5 +3,10 @@ kind: Namespace
 metadata:
   name: drivers-system
   labels:
-    name: drivers-system
+    pod-security.kubernetes.io/audit: privileged
+    pod-security.kubernetes.io/enforce: privileged
+    pod-security.kubernetes.io/warn: privileged
+    pod-security.kubernetes.io/audit-version: 1.23
+    pod-security.kubernetes.io/enforce-version: 1.23
+    pod-security.kubernetes.io/warn-version: 1.23
     kyverno.shivering-isles.com/class: "system"
diff --git a/infrastructure/k8up/namespace.yaml b/infrastructure/k8up/namespace.yaml
index 2d4e979477597afa541dd3440f34b4862da56942..dd4a043d7f065bcbac1e50b78e0ae6aaaada306a 100644
--- a/infrastructure/k8up/namespace.yaml
+++ b/infrastructure/k8up/namespace.yaml
@@ -3,5 +3,10 @@ kind: Namespace
 metadata:
   name: k8up-system
   labels:
-    name: k8up-system
-    kyverno.shivering-isles.com/class: "system" 
+    pod-security.kubernetes.io/audit: restricted
+    pod-security.kubernetes.io/enforce: baseline
+    pod-security.kubernetes.io/warn: restricted
+    pod-security.kubernetes.io/audit-version: 1.23
+    pod-security.kubernetes.io/enforce-version: 1.23
+    pod-security.kubernetes.io/warn-version: 1.23
+    kyverno.shivering-isles.com/class: "system"
diff --git a/infrastructure/kubenav/namespace.yaml b/infrastructure/kubenav/namespace.yaml
index 75ec10bb68be711f98e4cafdaab4b5ee9b336632..53162f1cb95f7d3ebfbb0afc0c7a6625cf01c7a8 100644
--- a/infrastructure/kubenav/namespace.yaml
+++ b/infrastructure/kubenav/namespace.yaml
@@ -3,5 +3,10 @@ kind: Namespace
 metadata:
   name: kubenav-system
   labels:
-    name: kubenav-system
+    pod-security.kubernetes.io/audit: restricted
+    pod-security.kubernetes.io/enforce: restricted
+    pod-security.kubernetes.io/warn: restricted
+    pod-security.kubernetes.io/audit-version: 1.23
+    pod-security.kubernetes.io/enforce-version: 1.23
+    pod-security.kubernetes.io/warn-version: 1.23
     kyverno.shivering-isles.com/class: "system"
diff --git a/infrastructure/loki/namespace.yaml b/infrastructure/loki/namespace.yaml
index d0ca51d76589fd85a39b3fff4444923825a33dd9..bccd86da33fb013d5c5a0c2b52ee6c03a650eb3a 100644
--- a/infrastructure/loki/namespace.yaml
+++ b/infrastructure/loki/namespace.yaml
@@ -7,3 +7,6 @@ metadata:
     pod-security.kubernetes.io/enforce: privileged
     pod-security.kubernetes.io/audit: privileged
     pod-security.kubernetes.io/warn: privileged
+    pod-security.kubernetes.io/audit-version: 1.23
+    pod-security.kubernetes.io/enforce-version: 1.23
+    pod-security.kubernetes.io/warn-version: 1.23
diff --git a/infrastructure/longhorn/namespace.yaml b/infrastructure/longhorn/namespace.yaml
index 12fdb44283b0b191f3f4983c37b126a7820c4f84..8a3d95c36867f3942dd79d388cd60a562a1cd38b 100644
--- a/infrastructure/longhorn/namespace.yaml
+++ b/infrastructure/longhorn/namespace.yaml
@@ -9,3 +9,6 @@ metadata:
     pod-security.kubernetes.io/enforce: privileged
     pod-security.kubernetes.io/audit: privileged
     pod-security.kubernetes.io/warn: privileged
+    pod-security.kubernetes.io/audit-version: 1.23
+    pod-security.kubernetes.io/enforce-version: 1.23
+    pod-security.kubernetes.io/warn-version: 1.23
diff --git a/infrastructure/metallb/namespace.yaml b/infrastructure/metallb/namespace.yaml
index f7ad6ef9bee5d521441a09fe4e5a56a9cba47d46..a1e350ddb79b2a6d0148e1521fb47ccd9b9a146d 100644
--- a/infrastructure/metallb/namespace.yaml
+++ b/infrastructure/metallb/namespace.yaml
@@ -8,3 +8,6 @@ metadata:
     pod-security.kubernetes.io/enforce: privileged
     pod-security.kubernetes.io/audit: privileged
     pod-security.kubernetes.io/warn: privileged
+    pod-security.kubernetes.io/audit-version: 1.23
+    pod-security.kubernetes.io/enforce-version: 1.23
+    pod-security.kubernetes.io/warn-version: 1.23
diff --git a/infrastructure/monitoring/namespace.yaml b/infrastructure/monitoring/namespace.yaml
index 6e28f37a1d0700cd80ab21d5afe03b099094c32e..fe367242116c04249b9777185ca7afd91b9b308c 100644
--- a/infrastructure/monitoring/namespace.yaml
+++ b/infrastructure/monitoring/namespace.yaml
@@ -9,3 +9,6 @@ metadata:
     pod-security.kubernetes.io/enforce: privileged
     pod-security.kubernetes.io/audit: privileged
     pod-security.kubernetes.io/warn: privileged
+    pod-security.kubernetes.io/audit-version: 1.23
+    pod-security.kubernetes.io/enforce-version: 1.23
+    pod-security.kubernetes.io/warn-version: 1.23
diff --git a/infrastructure/nginx-system/namespace.yaml b/infrastructure/nginx-system/namespace.yaml
index b1078460eab1a5555ed019e640980e09a7b213df..c1db153e3a677baecb276f63ea3c2f85c4e60dd1 100644
--- a/infrastructure/nginx-system/namespace.yaml
+++ b/infrastructure/nginx-system/namespace.yaml
@@ -3,6 +3,11 @@ kind: Namespace
 metadata:
   name: nginx-system
   labels:
-    name: nginx-system
-    kyverno.shivering-isles.com/class: "system" 
+    pod-security.kubernetes.io/audit: restricted
+    pod-security.kubernetes.io/enforce: baseline
+    pod-security.kubernetes.io/warn: restricted
+    pod-security.kubernetes.io/audit-version: 1.23
+    pod-security.kubernetes.io/enforce-version: 1.23
+    pod-security.kubernetes.io/warn-version: 1.23
+    kyverno.shivering-isles.com/class: "system"
     ingress.shivering-isles.com/network-access-required: "true"
diff --git a/infrastructure/node-features/namespace.yaml b/infrastructure/node-features/namespace.yaml
index 78b38b95a96d5b365e1c13715ad47e2be52d9e39..01eb6f9ec703758ab3f0714f3cd85bb6bdf00b4f 100644
--- a/infrastructure/node-features/namespace.yaml
+++ b/infrastructure/node-features/namespace.yaml
@@ -8,3 +8,6 @@ metadata:
     pod-security.kubernetes.io/enforce: privileged
     pod-security.kubernetes.io/audit: privileged
     pod-security.kubernetes.io/warn: privileged
+    pod-security.kubernetes.io/audit-version: 1.23
+    pod-security.kubernetes.io/enforce-version: 1.23
+    pod-security.kubernetes.io/warn-version: 1.23
diff --git a/infrastructure/postgres/namespace.yaml b/infrastructure/postgres/namespace.yaml
index f2b5639f2974448d14540d600b52b0cfd4aad99c..dd7fa650b00f89f9d7da2f3defba4eaaf4ea1d5c 100644
--- a/infrastructure/postgres/namespace.yaml
+++ b/infrastructure/postgres/namespace.yaml
@@ -3,6 +3,11 @@ kind: Namespace
 metadata:
   name: postgres-system
   labels:
-    name: postgres-system
+    pod-security.kubernetes.io/audit: restricted
+    pod-security.kubernetes.io/enforce: baseline
+    pod-security.kubernetes.io/warn: restricted
+    pod-security.kubernetes.io/audit-version: 1.23
+    pod-security.kubernetes.io/enforce-version: 1.23
+    pod-security.kubernetes.io/warn-version: 1.23
     kyverno.shivering-isles.com/class: "system"
     database.shivering-isles.com/network-access-required: "true"
diff --git a/infrastructure/starboard/namespace.yaml b/infrastructure/starboard/namespace.yaml
index b8e0b9013feddfe6abb3fa4fc643aaa333f3ddbe..4aec73b6ddbb17941225cb3cc139a52b7aadab8e 100644
--- a/infrastructure/starboard/namespace.yaml
+++ b/infrastructure/starboard/namespace.yaml
@@ -3,5 +3,10 @@ kind: Namespace
 metadata:
   name: starboard-system
   labels:
-    name: starboard-system
+    pod-security.kubernetes.io/audit: restricted
+    pod-security.kubernetes.io/enforce: baseline
+    pod-security.kubernetes.io/warn: restricted
+    pod-security.kubernetes.io/audit-version: 1.23
+    pod-security.kubernetes.io/enforce-version: 1.23
+    pod-security.kubernetes.io/warn-version: 1.23
     kyverno.shivering-isles.com/class: "system"