From 52e79be0aee2e08df25850d10ad4021226bccd1e Mon Sep 17 00:00:00 2001
From: biswajit-9776
Date: Wed, 26 Jun 2024 01:02:46 +0530
Subject: [PATCH 1/2] Patched other namespaces in common with PSS labels
Signed-off-by: biswajit-9776
---
 contrib/security/PSS/static/baseline/kustomization.yaml | 1 +
 .../PSS/static/baseline/patches/cert-manager-labels.yaml | 6 ++++++
 contrib/security/PSS/static/restricted/kustomization.yaml | 3 ++-
 .../PSS/static/restricted/patches/cert-manager-labels.yaml | 6 ++++++
 4 files changed, 15 insertions(+), 1 deletion(-)
 create mode 100644 contrib/security/PSS/static/baseline/patches/cert-manager-labels.yaml
 create mode 100644 contrib/security/PSS/static/restricted/patches/cert-manager-labels.yaml
diff --git a/contrib/security/PSS/static/baseline/kustomization.yaml b/contrib/security/PSS/static/baseline/kustomization.yaml
index 0b0db4660a..f372a3acbf 100644
--- a/contrib/security/PSS/static/baseline/kustomization.yaml
+++ b/contrib/security/PSS/static/baseline/kustomization.yaml
@@ -4,3 +4,4 @@ kind: Component
 patches:
 - path: patches/kubeflow-labels.yaml
 - path: patches/istio-labels.yaml
+- path: patches/cert-manager-labels.yaml
diff --git a/contrib/security/PSS/static/baseline/patches/cert-manager-labels.yaml b/contrib/security/PSS/static/baseline/patches/cert-manager-labels.yaml
new file mode 100644
index 0000000000..7ca928a1a1
--- /dev/null
+++ b/contrib/security/PSS/static/baseline/patches/cert-manager-labels.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: cert-manager
+ labels:
+ pod-security.kubernetes.io/enforce: baseline
\ No newline at end of file
diff --git a/contrib/security/PSS/static/restricted/kustomization.yaml b/contrib/security/PSS/static/restricted/kustomization.yaml
index bc566efe95..b438faaf0b 100644
--- a/contrib/security/PSS/static/restricted/kustomization.yaml
+++ b/contrib/security/PSS/static/restricted/kustomization.yaml
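Review bot: In baseline/patches/cert-manager-labels.yaml the namespace gets only `pod-security.kubernetes.io/enforce: baseline`, with no `pod-security.kubernetes.io/enforce-version`, so the profile is evaluated at `latest` and what admission accepts can shift when the cluster is upgraded. I would pin it with `pod-security.kubernetes.io/enforce-version: "<pinned-version>"` (placeholder for the Kubernetes minor version the manifests are tested against). For the baseline component I would also add `pod-security.kubernetes.io/warn: restricted` and `pod-security.kubernetes.io/audit: restricted`, so operators can see which pods would be rejected before they switch to the restricted component. The version pin applies to all six label patches in this series; the warn/audit pair applies to the baseline dex-labels.yaml and oauth2-proxy-labels.yaml as well.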
@@ -3,4 +3,5 @@ kind: Component

 patches:
 - path: patches/kubeflow-labels.yaml
-- path: patches/istio-labels.yaml
\ No newline at end of file
+- path: patches/istio-labels.yaml
+- path: patches/cert-manager-labels.yaml
\ No newline at end of file
diff --git a/contrib/security/PSS/static/restricted/patches/cert-manager-labels.yaml b/contrib/security/PSS/static/restricted/patches/cert-manager-labels.yaml
new file mode 100644
index 0000000000..0f4608ccab
--- /dev/null
+++ b/contrib/security/PSS/static/restricted/patches/cert-manager-labels.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: cert-manager
+ labels:
+ pod-security.kubernetes.io/enforce: restricted
\ No newline at end of file
From 0497f84fa23a35170b52f216e2d53157b4736918 Mon Sep 17 00:00:00 2001
From: biswajit-9776
Date: Wed, 26 Jun 2024 01:18:58 +0530
Subject: [PATCH 2/2] Patched dex and oauth2-proxy namespace with PSS labels
Signed-off-by: biswajit-9776
---
 contrib/security/PSS/static/baseline/kustomization.yaml | 2 ++
 .../security/PSS/static/baseline/patches/dex-labels.yaml | 6 ++++++
 .../PSS/static/baseline/patches/oauth2-proxy-labels.yaml | 6 ++++++
 contrib/security/PSS/static/restricted/kustomization.yaml | 4 +++-
 .../security/PSS/static/restricted/patches/dex-labels.yaml | 6 ++++++
 .../PSS/static/restricted/patches/oauth2-proxy-labels.yaml | 6 ++++++
 6 files changed, 29 insertions(+), 1 deletion(-)
 create mode 100644 contrib/security/PSS/static/baseline/patches/dex-labels.yaml
 create mode 100644 contrib/security/PSS/static/baseline/patches/oauth2-proxy-labels.yaml
 create mode 100644 contrib/security/PSS/static/restricted/patches/dex-labels.yaml
 create mode 100644 contrib/security/PSS/static/restricted/patches/oauth2-proxy-labels.yaml
diff --git a/contrib/security/PSS/static/baseline/kustomization.yaml b/contrib/security/PSS/static/baseline/kustomization.yaml
index f372a3acbf..3eea89f2c3 100644
--- a/contrib/security/PSS/static/baseline/kustomization.yaml
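Review bot: The new last entry in restricted/kustomization.yaml, `- path: patches/cert-manager-labels.yaml`, is again written without a trailing newline, which is why this hunk has to delete and re-add the unchanged istio-labels line. The second patch in the series repeats that churn on the same file. Ending the file with a newline, as baseline/kustomization.yaml already does, keeps later additions to one-line diffs. The six new `*-labels.yaml` patch files also end without a final newline.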
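Review bot: `pod-security.kubernetes.io/enforce: restricted` in restricted/patches/cert-manager-labels.yaml makes admission reject any new cert-manager pod that does not satisfy the restricted profile, and nothing in this series shows the securityContext of those workloads. Pods that are already running are not evicted and a rejected replacement surfaces only as an event on its ReplicaSet, so a non-compliant workload may first fail at its next restart; for cert-manager that would stop certificate issuance and renewal. It would help to state in the commit description how compatibility was checked, for example with `kubectl label --dry-run=server --overwrite ns cert-manager pod-security.kubernetes.io/enforce=restricted`, which reports violating pods without changing the namespace. The restricted dex-labels.yaml (namespace `auth`) and oauth2-proxy-labels.yaml in the second patch carry the same risk for the login path.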
+++ b/contrib/security/PSS/static/baseline/kustomization.yaml
@@ -5,3 +5,5 @@ patches:
 - path: patches/kubeflow-labels.yaml
 - path: patches/istio-labels.yaml
 - path: patches/cert-manager-labels.yaml
+- path: patches/dex-labels.yaml
+- path: patches/oauth2-proxy-labels.yaml
diff --git a/contrib/security/PSS/static/baseline/patches/dex-labels.yaml b/contrib/security/PSS/static/baseline/patches/dex-labels.yaml
new file mode 100644
index 0000000000..2498c1396a
--- /dev/null
+++ b/contrib/security/PSS/static/baseline/patches/dex-labels.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: auth
+ labels:
+ pod-security.kubernetes.io/enforce: baseline
\ No newline at end of file
diff --git a/contrib/security/PSS/static/baseline/patches/oauth2-proxy-labels.yaml b/contrib/security/PSS/static/baseline/patches/oauth2-proxy-labels.yaml
new file mode 100644
index 0000000000..62cf0377e2
--- /dev/null
+++ b/contrib/security/PSS/static/baseline/patches/oauth2-proxy-labels.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: oauth2-proxy
+ labels:
+ pod-security.kubernetes.io/enforce: baseline
\ No newline at end of file
diff --git a/contrib/security/PSS/static/restricted/kustomization.yaml b/contrib/security/PSS/static/restricted/kustomization.yaml
index b438faaf0b..ec133f809c 100644
--- a/contrib/security/PSS/static/restricted/kustomization.yaml
+++ b/contrib/security/PSS/static/restricted/kustomization.yaml
@@ -4,4 +4,6 @@ kind: Component
 patches:
 - path: patches/kubeflow-labels.yaml
 - path: patches/istio-labels.yaml
-- path: patches/cert-manager-labels.yaml
\ No newline at end of file
+- path: patches/cert-manager-labels.yaml
+- path: patches/dex-labels.yaml
+- path: patches/oauth2-proxy-labels.yaml
\ No newline at end of file
diff --git a/contrib/security/PSS/static/restricted/patches/dex-labels.yaml b/contrib/security/PSS/static/restricted/patches/dex-labels.yaml
new file mode 100644
index 0000000000..01e6efcc92
--- /dev/null
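Review bot: The two entries added to baseline/kustomization.yaml, `- path: patches/dex-labels.yaml` and `- path: patches/oauth2-proxy-labels.yaml`, are patches with no `target`, so each needs a Namespace of the matching name in the build the Component is applied to. If a deployment leaves out Dex or oauth2-proxy, I would expect `kustomize build` to fail on the unmatched patch rather than skip it; that is inferred, because the base manifests are not part of this diff. A comment above the list would make the dependency explicit, e.g. `# requires the cert-manager, auth and oauth2-proxy Namespaces to be present in the build`. The list in restricted/kustomization.yaml has the same dependency.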
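Review bot: baseline/patches/dex-labels.yaml patches the namespace `auth`, not one named after Dex, so the file name does not tell a reader which namespace is labelled, and the label governs every pod created in `auth`, not only Dex. A leading comment would close the gap, e.g. `# Targets the "auth" namespace (presumably where Dex runs); the label applies to all pods created there.` The restricted copy of the file has the same mismatch.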
+++ b/contrib/security/PSS/static/restricted/patches/dex-labels.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: auth
+ labels:
+ pod-security.kubernetes.io/enforce: restricted
\ No newline at end of file
diff --git a/contrib/security/PSS/static/restricted/patches/oauth2-proxy-labels.yaml b/contrib/security/PSS/static/restricted/patches/oauth2-proxy-labels.yaml
new file mode 100644
index 0000000000..99b0289ed8
--- /dev/null
+++ b/contrib/security/PSS/static/restricted/patches/oauth2-proxy-labels.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: oauth2-proxy
+ labels:
+ pod-security.kubernetes.io/enforce: restricted
\ No newline at end of file