diff --git a/CHANGELOG.md b/CHANGELOG.md
index 991298c28cf8dca80d4200a6aa06f8935f31de57..8ae7e960f863120551bc60dcd69fe796c5d39efb 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/) and this p
 
 ### Changed
 - changed default priority for redirect to https to be part 9999
+- metallb needs pod-security to work correctly (needed for talos)
 
 ## 2.3.5 - 2023-09-09
 
diff --git a/charts/apps/templates/metallb.yaml b/charts/apps/templates/metallb.yaml
index bbd97a40cca5dcea1f120df2e4f64700b5e07dbe..40ccafd7979c548c81e8fa0f180ff175af4ea05f 100644
--- a/charts/apps/templates/metallb.yaml
+++ b/charts/apps/templates/metallb.yaml
@@ -23,6 +23,11 @@ spec:
     {{- end }}
     syncOptions:
       - CreateNamespace=true
+    managedNamespaceMetadata:
+      labels:
+        pod-security.kubernetes.io/enforce: privileged
+        pod-security.kubernetes.io/audit: privileged
+        pod-security.kubernetes.io/warn: privileged
   source:
     repoURL: https://metallb.github.io/metallb
     chart: metallb