From 57ebe7f5f01d8ddc4ce5caf236c42634af3affe2 Mon Sep 17 00:00:00 2001
From: MichalFupso <michal@tigera.io>
Date: Mon, 12 Jun 2023 13:15:30 -0700
Subject: [PATCH] Openshift namespace label (#2689)

---
 pkg/render/namespaces.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/pkg/render/namespaces.go b/pkg/render/namespaces.go
index 4bcc98abd7..286334819e 100644
--- a/pkg/render/namespaces.go
+++ b/pkg/render/namespaces.go
@@ -1,4 +1,4 @@
-// Copyright (c) 2019-2022 Tigera, Inc. All rights reserved.
+// Copyright (c) 2019-2023 Tigera, Inc. All rights reserved.
 
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -103,6 +103,9 @@ func CreateNamespace(name string, provider operatorv1.Provider, pss PodSecurityS
 	case operatorv1.ProviderOpenShift:
 		ns.Labels["openshift.io/run-level"] = "0"
 		ns.Annotations["openshift.io/node-selector"] = ""
+		ns.Annotations["security.openshift.io/scc.podSecurityLabelSync"] = "false"
+		ns.Labels["pod-security.kubernetes.io/audit"] = string(pss)
+		ns.Labels["pod-security.kubernetes.io/warn"] = string(pss)
 	case operatorv1.ProviderAKS:
 		ns.Labels["control-plane"] = "true"
 	}