From e1ee17627720cd36aa3c57dc99e165089443165b Mon Sep 17 00:00:00 2001
From: Danijel Simeunovic <danijel.simeunovic@trumf.no>
Date: Fri, 6 Mar 2026 09:44:29 +0100
Subject: [PATCH] details

---
 cluster-resources/policies/default-blocker.yaml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/cluster-resources/policies/default-blocker.yaml b/cluster-resources/policies/default-blocker.yaml
index 858636b..394792a 100644
--- a/cluster-resources/policies/default-blocker.yaml
+++ b/cluster-resources/policies/default-blocker.yaml
@@ -15,17 +15,20 @@ spec:
   background: true
   rules:
   - name: enforce-namespace
+    skipBackgroundRequests: true
     match:
       any:
       - resources:
           kinds:
           - Pod
     validate:
+      allowExistingViolations: false
       message: Using 'default' namespace is not allowed.
       pattern:
         metadata:
           namespace: "!default"
   - name: enforce-podcontroller-namespace
+    skipBackgroundRequests: true
     match:
       any:
       - resources:
@@ -35,6 +38,7 @@ spec:
           - Job
           - StatefulSet
     validate:
+      allowExistingViolations: false
       message: Using 'default' namespace is not allowed for pod controllers.
       pattern:
         metadata: