From d37e3a844a741429ec57c11c1f2d0bc0fcfe2596 Mon Sep 17 00:00:00 2001
From: ccaron
Date: Thu, 30 May 2024 12:01:01 +0200
Subject: [PATCH] Label neuvector namespace
---
 roles/deploy_neuvector/tasks/deploy.yml | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
diff --git a/roles/deploy_neuvector/tasks/deploy.yml b/roles/deploy_neuvector/tasks/deploy.yml
index f4e2c222..47c0b1a0 100644
--- a/roles/deploy_neuvector/tasks/deploy.yml
+++ b/roles/deploy_neuvector/tasks/deploy.yml
@@ -1,4 +1,19 @@
 ---
+# Common
+- name: "Deploy Neuvector"
+ run_once: true
+ become: true
+ become_user: "{{ admin_user }}"
+ become_method: ansible.builtin.sudo
+ become_flags: "-i"
+ block:
+ - name: Create an Label namespace
+ ansible.builtin.shell: >
+ export KUBECONFIG=/home/{{ admin_user }}/.kube/{{ inventory_hostname }}.yaml;
+ kubectl create namespace neuvector;
+ kubectl label namespace neuvector "pod-security.kubernetes.io/enforce=privileged";
+ changed_when: false
+
 # Airgap
 - name: "Deploy Neuvector"
 run_once: true
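Review bot: The three commands in the new `ansible.builtin.shell` task are joined with `;`, so the task result is only the exit status of the final `kubectl label`. A failing `kubectl create namespace neuvector` is therefore never reported on its own, and it will fail on every re-run once the namespace exists. Chaining with `&&` and making both steps repeatable would address this, for example `{ kubectl get namespace neuvector || kubectl create namespace neuvector; } &&` followed by `kubectl label --overwrite namespace neuvector "pod-security.kubernetes.io/enforce=privileged"`. Since `enforce=privileged` is the unrestricted Pod Security level and applies to every pod in the namespace, a comment above the task should state why it is needed (presumably NeuVector's pods require host access) and that the namespace is reserved for NeuVector workloads. With `changed_when: false` this security-relevant label change also never shows as changed in the play output, so reporting it as a change when the namespace is created or relabelled is worth considering.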