Closed JeanGau-ops closed 2 months ago
Hi @JeanGau-ops, Sorry for the super late answer. This config should work on a Talos cluster:
```yaml
hostPathsExporter:
  securityContext:
    privileged: true
    capabilities:
      add:
      - SYS_ADMIN
  hostPathVolumeType: null
  daemonSets:
    cp:
      nodeSelector:
        node-role.kubernetes.io/control-plane: ""
      tolerations:
      - effect: NoSchedule
        key: node-role.kubernetes.io/control-plane
        operator: Exists
      watchFiles:
      - /etc/kubernetes/pki/ca.crt
      - /var/lib/kubelet/pki/kubelet-client-current.pem
      - /system/secrets/etcd/server.crt
      - /system/secrets/etcd/peer.crt
      - /system/secrets/etcd/ca.crt
      - /system/secrets/etcd/admin.crt
      - /system/secrets/kubernetes/kube-apiserver/aggregator-ca.crt
      - /system/secrets/kubernetes/kube-apiserver/apiserver-kubelet-client.crt
      - /system/secrets/kubernetes/kube-apiserver/apiserver.crt
      - /system/secrets/kubernetes/kube-apiserver/ca.crt
      - /system/secrets/kubernetes/kube-apiserver/etcd-client-ca.crt
      - /system/secrets/kubernetes/kube-apiserver/etcd-client.crt
      - /system/secrets/kubernetes/kube-apiserver/front-proxy-client.crt
    nodes:
      watchFiles:
      - /etc/kubernetes/pki/ca.crt
      - /var/lib/kubelet/pki/kubelet-client-current.pem
```
I'll add it to the documentation.
Hello, I'm trying to implement this great tool in our Talos Linux clusters but can't figure out how to do it properly. First I had to add "hostPathVolumeType: null" in the chart, and now it returns a "permission denied" for every certificate under /system/secrets/kubernetes/. I know that some of the Enix clusters are using Talos Linux too, so... How did you implement this tool? Or did you?