diff --git a/kube/deploy/core/monitoring/_deps/ns.yaml b/kube/deploy/core/monitoring/_deps/ns.yaml
index ef4dd87a..7dfcb662 100644
--- a/kube/deploy/core/monitoring/_deps/ns.yaml
+++ b/kube/deploy/core/monitoring/_deps/ns.yaml
@@ -5,3 +5,5 @@ metadata:
   name: monitoring
   labels:
     kustomize.toolkit.fluxcd.io/prune: disabled
+    pod-security.kubernetes.io/enforce: privileged
+    pod-security.kubernetes.io/enforce-version: latest
diff --git a/kube/deploy/core/monitoring/kps/app/hr.yaml b/kube/deploy/core/monitoring/kps/app/hr.yaml
index 4bf78fb0..db9fd613 100644
--- a/kube/deploy/core/monitoring/kps/app/hr.yaml
+++ b/kube/deploy/core/monitoring/kps/app/hr.yaml
@@ -31,7 +31,7 @@ spec:
     alertmanager:
       enabled: false
     nodeExporter:
-      enabled: false
+      enabled: true # TODO: 2023-11-20: temporary, standalone node-exporter isn't working, remember to remove pod-security labels on monitoring
     grafana:
       enabled: false
       forceDeployDashboards: true