container lifecycle management

deploy/k8s/base/namespaces.yaml

@@ -0,0 +1,24 @@
+# Namespace definitions for dexorder AI platform
+# - dexorder-system: gateway, flink, kafka, and other infrastructure
+# - dexorder-agents: user agent containers (isolated, restricted)
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: dexorder-system
+  labels:
+    app.kubernetes.io/part-of: dexorder
+    dexorder.io/type: system
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: dexorder-agents
+  labels:
+    app.kubernetes.io/part-of: dexorder
+    dexorder.io/type: agents
+    # Enforce restricted pod security standards
+    pod-security.kubernetes.io/enforce: restricted
+    pod-security.kubernetes.io/enforce-version: latest
+    pod-security.kubernetes.io/audit: restricted
+    pod-security.kubernetes.io/warn: restricted