diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 0d0e964e3..47358994a 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -94,6 +94,8 @@ jobs:
         name: Generate Docker metadata
         id: meta
         uses: docker/metadata-action@v4
+        env:
+          DOCKER_METADATA_PR_HEAD_SHA: ${{ github.event_name == 'pull_request' }}
         with:
           images: |
             ghcr.io/${{ github.repository }}/${{ matrix.folder }}
diff --git a/charts/drinkn/templates/namespace.yaml b/charts/drinkn/templates/namespace.yaml
index 9ca653731..efe3d90cd 100644
--- a/charts/drinkn/templates/namespace.yaml
+++ b/charts/drinkn/templates/namespace.yaml
@@ -5,4 +5,7 @@ apiVersion: v1
 kind: Namespace
 metadata:
   name: drinkn-pr-{{.Values.pr.number}}
+  labels:
+    pod-security.kubernetes.io/warn: restricted
+    pod-security.kubernetes.io/enforce: baseline
 {{- end }}