diff --git a/Makefile b/Makefile
index d7e63fd..35d218a 100644
--- a/Makefile
+++ b/Makefile
@@ -3,7 +3,7 @@ install-router:
 
 gen-talos-config:
 	mkdir -p talos/generated
-	talosctl gen config --with-secrets secrets.yaml --config-patch @talos/patches/controlplane.patch --config-patch @talos/patches/openebs.patch --config-patch @talos/patches/zoma-dibaiyin.patch --output-types controlplane -o talos/generated/zoma-dibaiyin.yaml homelab https://kube-api.homelab.lumpiasty.xyz:6443
+	talosctl gen config --with-secrets secrets.yaml --config-patch @talos/patches/controlplane.patch --config-patch @talos/patches/openebs.patch --config-patch @talos/patches/openbao.patch --config-patch @talos/patches/zoma-dibaiyin.patch --output-types controlplane -o talos/generated/zoma-dibaiyin.yaml homelab https://kube-api.homelab.lumpiasty.xyz:6443
 	talosctl gen config --with-secrets secrets.yaml --config-patch @talos/patches/controlplane.patch --output-types worker -o talos/generated/worker.yaml homelab https://kube-api.homelab.lumpiasty.xyz:6443
 	talosctl gen config --with-secrets secrets.yaml --output-types talosconfig -o talos/generated/talosconfig homelab https://kube-api.homelab.lumpiasty.xyz:6443
 	talosctl config endpoint kube-api.homelab.lumpiasty.xyz
diff --git a/talos/patches/openbao.patch b/talos/patches/openbao.patch
new file mode 100644
index 0000000..1c731aa
--- /dev/null
+++ b/talos/patches/openbao.patch
@@ -0,0 +1,11 @@
+# CSI driver requirement
+cluster:
+  apiServer:
+    admissionControl:
+      - name: PodSecurity
+        configuration:
+          apiVersion: pod-security.admission.config.k8s.io/v1beta1
+          kind: PodSecurityConfiguration
+          exemptions:
+            namespaces:
+              - openbao
\ No newline at end of file