k8s-manifests/deployments/base/namespace.yaml

apiVersion: v1
kind: Namespace
metadata:
  name: app-production
  labels:
    # Pod Security Standards - enforce restricted profile
    # See: https://kubernetes.io/docs/concepts/security/pod-security-standards/
    pod-security.kubernetes.io/enforce: restricted
    pod-security.kubernetes.io/enforce-version: latest
    pod-security.kubernetes.io/audit: restricted
    pod-security.kubernetes.io/audit-version: latest
    pod-security.kubernetes.io/warn: restricted
    pod-security.kubernetes.io/warn-version: latest