From 3d118328d4e96a8dc764fd26db1f94adcd78bb5a Mon Sep 17 00:00:00 2001
From: Sergiusz Urbaniak
Date: Wed, 22 Sep 2021 11:52:05 +0200
Subject: [PATCH] podsecurity: enforce privileged for kube-apiserver
---
 bindata/assets/kube-apiserver/ns.yaml | 3 +++
 bindata/bootkube/manifests/00_openshift-kube-apiserver-ns.yaml | 3 +++
 2 files changed, 6 insertions(+)
diff --git a/bindata/assets/kube-apiserver/ns.yaml b/bindata/assets/kube-apiserver/ns.yaml
index 9b515ab6f6..48a4add4b2 100644
--- a/bindata/assets/kube-apiserver/ns.yaml
+++ b/bindata/assets/kube-apiserver/ns.yaml
@@ -8,3 +8,6 @@ metadata:
 labels:
 openshift.io/run-level: "0"
 openshift.io/cluster-monitoring: "true"
+ pod-security.kubernetes.io/enforce: privileged
+ pod-security.kubernetes.io/audit: privileged
+ pod-security.kubernetes.io/warn: privileged
diff --git a/bindata/bootkube/manifests/00_openshift-kube-apiserver-ns.yaml b/bindata/bootkube/manifests/00_openshift-kube-apiserver-ns.yaml
index 985acb60bb..2e1d3373ef 100644
--- a/bindata/bootkube/manifests/00_openshift-kube-apiserver-ns.yaml
+++ b/bindata/bootkube/manifests/00_openshift-kube-apiserver-ns.yaml
@@ -8,3 +8,6 @@ metadata:
 labels:
 openshift.io/run-level: "0"
 openshift.io/cluster-monitoring: "true"
+ pod-security.kubernetes.io/enforce: privileged
+ pod-security.kubernetes.io/audit: privileged
+ pod-security.kubernetes.io/warn: privileged
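Review bot: In bindata/assets/kube-apiserver/ns.yaml the added labels set `pod-security.kubernetes.io/audit` and `pod-security.kubernetes.io/warn` to `privileged` along with `enforce`, so Pod Security admission records no audit annotation and returns no warning for any pod in this namespace, including ones that are more privileged than they need to be. If only the enforcement exemption is required, consider whether `audit` and `warn` can stay at a stricter level. Otherwise, state the reason next to the labels with a comment such as `# Pod Security is intentionally set to privileged here; see <reason/issue placeholder>`, so the exemption reads as deliberate. The same applies to the identical hunk in bindata/bootkube/manifests/00_openshift-kube-apiserver-ns.yaml, and since the two manifests now carry the same three labels they have to be changed together if the level is ever tightened. The rest of each Namespace manifest lies outside the hunks, so any explanation already present there is not visible from here.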