diff --git a/bundle/uds-bundle.yaml b/bundle/uds-bundle.yaml
index d9fa4c4..6fc8104 100644
--- a/bundle/uds-bundle.yaml
+++ b/bundle/uds-bundle.yaml
@@ -7,9 +7,11 @@ metadata:
 # x-release-please-end
 packages:
+ # this sets up the namespaces that we will need in order to configure the default databases (and corresponding secrets) that are setup below
 - name: dev-namespaces
 path: ../
 ref: 0.1.0
+
 - name: postgres-operator
 path: ../
 # x-release-please-start-version
@@ -22,3 +24,31 @@ packages:
 - name: POSTGRESQL
 description: "Configure postgres using CRs via the uds-postgres-config chart"
 path: postgresql
+ default:
+ enabled: true # Set to false to not create the PostgreSQL resource
+ teamId: "uds"
+ volume:
+ size: "10Gi"
+ numberOfInstances: 2
+ users:
+ gitlab.gitlab: [] # database owner
+ sonarqube.sonarqube: [] # database owner
+ mattermost.mattermost: [] # database owner
+ databases:
+ gitlabdb: gitlab.gitlab
+ mattermostdb: mattermost.mattermost
+ sonarqubedb: sonarqube.sonarqube
+ version: "13"
+ ingress:
+ remoteGenerated: Anywhere
+ - name: ACID_PG_CLUSTER_NETWORKING
+ description: "Allow connectivity to the acid pg cluster for testing (see tests/ folder)"
+ path: custom
+ default:
+ - direction: Egress
+ selector:
+ app.kubernetes.io/name: postgres-operator
+ remoteNamespace: acid
+ remoteSelector:
+ cluster-name: pg-cluster
+ description: "Egress to a non-default pg cluster"
diff --git a/bundle/uds-config.yaml b/bundle/uds-config.yaml
index 11b058f..e69de29 100644
--- a/bundle/uds-config.yaml
+++ b/bundle/uds-config.yaml
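Review bot: The POSTGRESQL override in the second hunk sets `ingress: remoteGenerated: Anywhere` with no `port`, which the config chart renders as an Ingress rule to every port of the `cluster-name: pg-cluster` pods from any source, in-cluster or external, rather than 5432 from the three namespaces this bundle seeds. Even for a dev bundle that should be narrowed, e.g. `ingress:` / `- remoteGenerated: Anywhere` / `  port: 5432`, which also moves it to the list form chart/values.yaml now documents instead of the legacy map form the template still tolerates. The ACID_PG_CLUSTER_NETWORKING rule likewise omits `port`, and the custom-rule template in chart/templates/uds-package.yaml emits `port: {{ .port }}` unconditionally, so that entry renders a null `port:`; add `port: 5432` there too.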
@@ -1,19 +0,0 @@
-variables:
- postgres-operator:
- postgresql:
- enabled: true # Set to false to not create the PostgreSQL resource
- teamId: "uds"
- volume:
- size: "10Gi"
- numberOfInstances: 2
- users:
- gitlab.gitlab: [] # database owner
- sonarqube.sonarqube: [] # database owner
- mattermost.mattermost: [] # database owner
- databases:
- gitlabdb: gitlab.gitlab
- mattermostdb: mattermost.mattermost
- sonarqubedb: sonarqube.sonarqube
- version: "13"
- ingress:
- remoteGenerated: Anywhere
diff --git a/chart/templates/peer-auth-exception.yaml b/chart/templates/peer-auth-exception.yaml
deleted file mode 100644
index 50f41ba..0000000
--- a/chart/templates/peer-auth-exception.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-{{- if .Capabilities.APIVersions.Has "security.istio.io/v1beta1" }}
-apiVersion: security.istio.io/v1beta1
-kind: PeerAuthentication
-metadata:
- name: postgres-istio-exceptions
- namespace: {{ .Release.Namespace }}
-spec:
- mtls:
- mode: STRICT
- selector:
- matchLabels:
- cluster-name: pg-cluster
- portLevelMtls:
- "5432":
- mode: PERMISSIVE
-{{- end }}
diff --git a/chart/templates/postgres-minimal.yaml b/chart/templates/postgres-minimal.yaml
index 43bf16a..b57d40c 100644
--- a/chart/templates/postgres-minimal.yaml
+++ b/chart/templates/postgres-minimal.yaml
@@ -3,7 +3,7 @@ apiVersion: acid.zalan.do/v1
 kind: postgresql
 metadata:
 name: pg-cluster
- namespace: {{ .Release.Namespace }}
+ namespace: postgres
 spec:
 teamId: {{ .Values.postgresql.teamId | quote }}
 volume:
diff --git a/chart/templates/postgres-svc.yaml b/chart/templates/postgres-svc.yaml
index d2d033c..46df14f 100644
--- a/chart/templates/postgres-svc.yaml
+++ b/chart/templates/postgres-svc.yaml
@@ -3,7 +3,7 @@ apiVersion: v1
 kind: Service
 metadata:
 name: pg-cluster-headless
- namespace: {{ .Release.Namespace }}
+ namespace: postgres
 spec:
 clusterIP: None
 ports:
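Review bot: Hardcoding `namespace: postgres` in postgres-minimal.yaml (and identically in postgres-svc.yaml) couples the chart to a namespace it does not create and that no longer matches the release namespace, which common/zarf.yaml now sets to `postgres-operator`; if `postgres` does not pre-exist the install fails, and two releases can no longer own separate clusters. Make it a value with the current behaviour as the default, `namespace: {{ .Values.postgresql.namespace | default "postgres" }}`, and use the same expression in postgres-svc.yaml and uds-package-postgres.yaml so the three resources cannot drift apart. If the namespace is deliberately fixed, a comment here naming who creates the `postgres` namespace (it is not visible anywhere in this diff) would save the next reader the search.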
diff --git a/chart/templates/uds-package-postgres.yaml b/chart/templates/uds-package-postgres.yaml
new file mode 100644
index 0000000..43b0b53
--- /dev/null
+++ b/chart/templates/uds-package-postgres.yaml
@@ -0,0 +1,41 @@
+{{- if .Values.postgresql.enabled }}
+apiVersion: uds.dev/v1alpha1
+kind: Package
+metadata:
+ name: postgres
+ namespace: postgres
+spec:
+ network:
+ allow:
+ - direction: Ingress
+ remoteGenerated: IntraNamespace
+
+ - direction: Egress
+ remoteGenerated: IntraNamespace
+
+ {{- if kindIs "slice" .Values.postgresql.ingress -}}
+ {{- range .Values.postgresql.ingress }}
+ - direction: Ingress
+ selector:
+ cluster-name: pg-cluster
+ {{ . | toYaml | nindent 8 }}
+ {{- end }}
+ {{- else }}
+ - direction: Ingress
+ selector:
+ cluster-name: pg-cluster
+ {{- .Values.postgresql.ingress | toYaml | nindent 8 }}
+ {{- end }}
+
+ - direction: Ingress
+ selector:
+ app.kubernetes.io/name: postgres-operator
+ remoteNamespace: {{ .Release.Namespace }}
+ remoteSelector:
+ app.kubernetes.io/name: postgres-operator
+
+ - direction: Egress
+ selector:
+ cluster-name: pg-cluster
+ remoteGenerated: KubeAPI
+{{- end }}
diff --git a/chart/templates/uds-package.yaml b/chart/templates/uds-package.yaml
index 52dc552..a1bd1d9 100644
--- a/chart/templates/uds-package.yaml
+++ b/chart/templates/uds-package.yaml
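Review bot: None of the Ingress rules this template renders carries a `port`, so whatever is supplied in `postgresql.ingress` — the dev bundle uses `remoteGenerated: Anywhere` — admits every port of the `cluster-name: pg-cluster` pods from those sources, not only 5432; Spilo pods also serve the Patroni REST API (8008, to my knowledge), which is then reachable from the same peers. Default `port: 5432` unless the entry supplies its own `port` or `ports`. The map branch also dropped the old `{{- if .Values.postgresql.ingress }}` guard, so an explicit `ingress: null` now renders a rule whose body is the literal `null`; an `else if` restores it. The two ingress branches rewritten:

```yaml
      {{- if kindIs "slice" .Values.postgresql.ingress -}}
      {{- range .Values.postgresql.ingress }}
      - direction: Ingress
        selector:
          cluster-name: pg-cluster
        {{- . | toYaml | nindent 8 }}
        {{- if not (or .port .ports) }}
        port: 5432  # only the postgres port unless the entry says otherwise
        {{- end }}
      {{- end }}
      {{- else if .Values.postgresql.ingress }}
      - direction: Ingress
        selector:
          cluster-name: pg-cluster
        {{- .Values.postgresql.ingress | toYaml | nindent 8 }}
        {{- if not (or .Values.postgresql.ingress.port .Values.postgresql.ingress.ports) }}
        port: 5432
        {{- end }}
      {{- end }}
      # … unchanged: IntraNamespace rules above, operator Ingress and KubeAPI Egress rules below …
```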
@@ -1,24 +1,37 @@
-{{- if .Values.postgresql.enabled }}
 apiVersion: uds.dev/v1alpha1
 kind: Package
 metadata:
- name: postgres
+ name: postgres-operator
 namespace: {{ .Release.Namespace }}
 spec:
 network:
 allow:
- - direction: Ingress
- remoteGenerated: IntraNamespace
+ {{- if .Values.postgresql.enabled }}
 - direction: Egress
- remoteGenerated: IntraNamespace
- {{- if .Values.postgresql.ingress }}
- - direction: Ingress
 selector:
+ app.kubernetes.io/name: postgres-operator
+ remoteNamespace: postgres
+ remoteSelector:
 cluster-name: pg-cluster
- {{- .Values.postgresql.ingress | toYaml | nindent 8 }}
 {{- end }}
+
 - direction: Egress
 selector:
- cluster-name: pg-cluster
+ app.kubernetes.io/name: postgres-operator
 remoteGenerated: KubeAPI
-{{- end }}
+
+ # Custom rules for other scenarios (such as connecting to a non-default pg cluster)
+ {{- range .Values.custom }}
+ - direction: {{ .direction }}
+ selector:
+ {{ .selector | toYaml | nindent 10 }}
+ {{- if not .remoteGenerated }}
+ remoteNamespace: {{ .remoteNamespace }}
+ remoteSelector:
+ {{ .remoteSelector | toYaml | nindent 10 }}
+ port: {{ .port }}
+ {{- else }}
+ remoteGenerated: {{ .remoteGenerated }}
+ {{- end }}
+ description: {{ .description }}
+ {{- end }}
diff --git a/chart/values.yaml b/chart/values.yaml
index 3cc79d9..dc74311 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -1,5 +1,6 @@
 postgresql:
 enabled: false
+ ingress: []
 # teamId: "uds"
 # volume:
@@ -13,9 +14,18 @@ postgresql:
 # yourdb: youruser
 # version: "13"
 # ingress:
-# remoteGenerated: Anywhere
+# - remoteGenerated: Anywhere
 # or
 # ingress:
-# remoteNamespace: tempo
-# remoteSelector:
-# app.kubernetes.io/name: tempo
+# - remoteNamespace: tempo
+# remoteSelector:
+# app.kubernetes.io/name: tempo
+
+custom: []
+ # - direction: Egress
+ # selector:
+ # app.kubernetes.io/name: postgres-operator
+ # remoteNamespace: acid
+ # remoteSelector:
+ # cluster-name: pg-cluster
+ # description: "Egress to a non-default pg cluster"
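Review bot: In the custom-rule loop, `port: {{ .port }}` is emitted for every non-`remoteGenerated` entry whether or not `port` was given, so an entry without it — the bundle's ACID_PG_CLUSTER_NETWORKING rule and the sample in chart/values.yaml both omit it — renders `port:` with a null value, which the API server will most likely treat as unset and the rule silently becomes all-ports. Guard it: `{{- if .port }}` / `port: {{ .port }}` / `{{- end }}`, or fail loudly with `{{ required "custom rules need a port" .port }}` if all-ports was never intended. `description: {{ .description }}` is unquoted as well, so a description containing `: ` or ` #` produces an invalid manifest; use `description: {{ .description | quote }}`. Minor style point: `{{ .selector | toYaml | nindent 10 }}` after leading spaces leaves a whitespace-only line in the output; `{{-` avoids it.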
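Review bot: The `custom` sample and both `ingress` samples leave out `port`, and because a UDS rule without one allows every port on the selected pods, these comments — the only documentation a chart user sees — steer people toward all-ports rules by default. Add `port: 5432` to each example plus a line such as `# omit port only if every port on the pod should be reachable`. The `custom` sample should also mention `remoteGenerated` as the alternative to `remoteNamespace`/`remoteSelector`, since the template treats the two as mutually exclusive.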
diff --git a/common/zarf.yaml b/common/zarf.yaml
index 92181a6..0b9a708 100644
--- a/common/zarf.yaml
+++ b/common/zarf.yaml
@@ -9,7 +9,7 @@ components:
 required: true
 charts:
 - name: uds-postgres-config
- namespace: postgres
+ namespace: postgres-operator
 version: 0.1.0
 localPath: ../chart
 - name: postgres-operator
@@ -20,6 +20,11 @@ components:
 - ../values/values.yaml
 actions:
 onDeploy:
+ before:
+ # this shims postgres operator versions v0.11.1-uds.1 and below to the new config chart namespace layout
+ - cmd: ./zarf tools kubectl annotate --overwrite postgresql -n postgres pg-cluster meta.helm.sh/release-namespace=postgres-operator || true
+ - cmd: ./zarf tools kubectl annotate --overwrite service -n postgres pg-cluster-headless meta.helm.sh/release-namespace=postgres-operator || true
+ - cmd: ./zarf tools kubectl annotate --overwrite package -n postgres postgres meta.helm.sh/release-namespace=postgres-operator || true
 after:
 - description: Validate Postgres Operator Package
 maxTotalSeconds: 300
diff --git a/src/namespace/gitlab-ns.yaml b/src/namespace/gitlab-ns.yaml
index e686029..db56d20 100644
--- a/src/namespace/gitlab-ns.yaml
+++ b/src/namespace/gitlab-ns.yaml
@@ -2,3 +2,7 @@ kind: Namespace
 apiVersion: v1
 metadata:
 name: gitlab
+ # This label is only needed for testing!
+ # In a real deployment this namespace would be controlled by a UDS Package / the UDS Operator
+ labels:
+ istio-injection: enabled
diff --git a/src/namespace/mattermost-ns.yaml b/src/namespace/mattermost-ns.yaml
index 2761c1b..711a65f 100644
--- a/src/namespace/mattermost-ns.yaml
+++ b/src/namespace/mattermost-ns.yaml
@@ -2,3 +2,7 @@ kind: Namespace
 apiVersion: v1
 metadata:
 name: mattermost
+ # This label is only needed for testing!
+ # In a real deployment this namespace would be controlled by a UDS Package / the UDS Operator
+ labels:
+ istio-injection: enabled
diff --git a/src/namespace/sonarqube-ns.yaml b/src/namespace/sonarqube-ns.yaml
index 2dc6f40..c67ab2d 100644
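Review bot: The three shim commands address their targets by bare kind (`postgresql`, `service`, `package`) and end in `|| true`, so a collision with another CRD whose kind is also called Package, or a transient API/RBAC failure, is swallowed silently and the chart install then fails later with Helm's ownership-metadata error, which is much harder to trace back to this step. Use fully qualified names, `postgresqls.acid.zalan.do` and `packages.uds.dev`, so the wrong resource can never be annotated. Helm adoption also requires `meta.helm.sh/release-name` and `app.kubernetes.io/managed-by` to already match; presumably they do since only the namespace moved, but the comment should say so, e.g. `# only release-namespace changed; release-name and managed-by are untouched`. Stating in the comment after which operator version this shim can be deleted would help too.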
--- a/src/namespace/sonarqube-ns.yaml
+++ b/src/namespace/sonarqube-ns.yaml
@@ -2,3 +2,7 @@ kind: Namespace
 apiVersion: v1
 metadata:
 name: sonarqube
+ # This label is only needed for testing!
+ # In a real deployment this namespace would be controlled by a UDS Package / the UDS Operator
+ labels:
+ istio-injection: enabled
diff --git a/tasks.yaml b/tasks.yaml
index 4fd15d6..d3f70d7 100644
--- a/tasks.yaml
+++ b/tasks.yaml
@@ -38,6 +38,14 @@ tasks:
 - task: dependencies:create
 - task: create:test-bundle
+ - name: dev
+ description: Deploy Postgres Operator on existing cluster
+ actions:
+ - task: create-pg-package
+ - task: dependencies:create
+ - task: create-pg-test-bundle
+ - task: deploy:test-bundle
+
 # CI will execute the following (via uds-common/.github/actions/test) so they need to be here with these names
 - name: test-package
diff --git a/tests/postgres/db-seed-cross-namespace.yaml b/tests/postgres/db-seed-cross-namespace.yaml
index 189a2da..8b4db87 100644
--- a/tests/postgres/db-seed-cross-namespace.yaml
+++ b/tests/postgres/db-seed-cross-namespace.yaml
@@ -16,6 +16,8 @@ kind: Job
 metadata:
 name: db-seed-job
 namespace: gitlab
+ labels:
+ app: gitlab
 spec:
 template:
 spec:
diff --git a/tests/postgres/db-seed.yaml b/tests/postgres/db-seed.yaml
index c9d540a..cb8b844 100644
--- a/tests/postgres/db-seed.yaml
+++ b/tests/postgres/db-seed.yaml
@@ -16,6 +16,8 @@ kind: Job
 metadata:
 name: db-seed-job
 namespace: acid
+ labels:
+ app: acid
 spec:
 template:
 spec:
diff --git a/tests/postgres/postgres-minimal.yaml b/tests/postgres/postgres-minimal.yaml
index 46d2289..8ff1f6d 100644
--- a/tests/postgres/postgres-minimal.yaml
+++ b/tests/postgres/postgres-minimal.yaml
@@ -2,6 +2,10 @@ kind: Namespace
 apiVersion: v1
 metadata:
 name: acid
+ # This label is only needed for testing!
+ # In a real deployment this namespace would be controlled by a UDS Package / the UDS Operator
+ labels:
+ istio-injection: enabled
 ---
 apiVersion: acid.zalan.do/v1
 kind: postgresql
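Review bot: The `app: gitlab` label is added to the Job object's own metadata, but NetworkPolicies and Istio match Pods, so a UDS Package rule keyed on `app: gitlab` will only select the seed pod if the same label also sits under `spec.template.metadata.labels`; the pod template starts below this hunk, so it may already be labelled there, but the hunk does not show it. The same applies to `app: acid` in tests/postgres/db-seed.yaml. If the Job-level label is only for `kubectl` selection, a comment such as `# label for kubectl selection only; network policy matches the pod template labels` would stop someone from relying on it for policy.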
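Review bot: The comment says the label is only needed for testing, but this commit also deletes chart/templates/peer-auth-exception.yaml, the port-level PERMISSIVE mTLS exception on 5432 for `cluster-name: pg-cluster`, so a client can now only reach the database if it is in the mesh — under a STRICT mesh default (not visible in this diff) a seed Job in an un-injected namespace gets a TLS-level reset rather than a policy denial. Say that explicitly so the label is not dropped as "test only" later: `# istio-injection is required: pg-cluster no longer has a PERMISSIVE mTLS exception on 5432, so un-meshed clients cannot connect`. The same wording belongs in the gitlab, mattermost and sonarqube namespace manifests.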