What happened?
After enabling hardening policies using hardening.yaml, the path for the real file is:
path: {{ kube_config_dir }}/admission-controls/{{ plugin | lower }}.yaml
not
path: {{ kube_config_dir }}/{{ plugin | lower }}.yaml
as it is in the template. I suggest just updating the path in the template?
Command I ran to enable additional security policies:
ansible-playbook -v cluster.yml -i inventory/test/hosts.yaml --become --become-user=root -e "@inventory/test/group_vars/k8s_cluster/hardening.yaml" -e "@inventory/test/vars.yaml"
What did you expect to happen?
Path in /etc/kubernetes/admission-controls/admission-controls.yaml is correct and points to the real policy. E.g. to /etc/kubernetes/admission-controls/podsecurity.yaml in my case.
How can we reproduce it (as minimally and precisely as possible)?
ansible-playbook -v cluster.yml -i inventory/test/hosts.yaml --become --become-user=root -e "@inventory/test/group_vars/k8s_cluster/hardening.yaml" -e "@inventory/test/vars.yaml"
OS
Linux 6.8.0-48-generic x86_64 PRETTY_NAME="Ubuntu 24.04 LTS" NAME="Ubuntu" VERSION_ID="24.04" VERSION="24.04 LTS (Noble Numbat)" VERSION_CODENAME=noble ID=ubuntu ID_LIKE=debian HOME_URL="https://www.ubuntu.com/" SUPPORT_URL="https://help.ubuntu.com/" BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/" PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy" UBUNTU_CODENAME=noble LOGO=ubuntu-logo
Version of Ansible
ansible [core 2.16.13]
Version of Python
ansible [core 2.16.13]
Version of Kubespray (commit)
f9ebd45c7
Network plugin used
calico
Full inventory with variables
-
Command used to invoke ansible
ansible-playbook -v cluster.yml -i inventory/test/hosts.yaml --become --become-user=root -e "@inventory/test/group_vars/k8s_cluster/hardening.yaml" -e "@inventory/test/vars.yaml"
Output of ansible run
-
Anything else we need to know
No response
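A small check for the mismatch described in this report, added here as an example and not part of Kubespray or the reporter's setup: it renders the AdmissionConfiguration both ways (the template path from the report and the proposed admission-controls/ path), then verifies that every plugin `path` points at the file that actually exists on disk. The plugin name `PodSecurity`, the stand-in policy content and the temporary kube_config_dir are constructed for the demo.

```python
import os
import re
import tempfile

PLUGIN_RE = re.compile(r"^\s*-\s*name:\s*(\S+)\s*$")
PATH_RE = re.compile(r"^\s*path:\s*(\S+)\s*$")

def parse_plugin_paths(text):
    """Minimal name/path extractor for an AdmissionConfiguration (not a general YAML parser)."""
    plugins, current = {}, None
    for line in text.splitlines():
        m = PLUGIN_RE.match(line)
        if m:
            current = m.group(1)
            plugins[current] = None
            continue
        m = PATH_RE.match(line)
        if m and current is not None:
            plugins[current] = m.group(1)
    return plugins

def render_admission_config(kube_config_dir, plugins, buggy):
    # buggy=True mirrors the template path from the report, buggy=False the proposed fix.
    sub = "" if buggy else "admission-controls/"
    lines = ["apiVersion: apiserver.config.k8s.io/v1", "kind: AdmissionConfiguration", "plugins:"]
    for p in plugins:
        lines += [f"  - name: {p}", f"    path: {kube_config_dir}/{sub}{p.lower()}.yaml"]
    return "\n".join(lines) + "\n"

def check_admission_config(config_text, kube_config_dir):
    """Map each plugin to a reason when its path is not the existing file kubespray wrote."""
    problems = {}
    for plugin, path in parse_plugin_paths(config_text).items():
        expected = f"{kube_config_dir}/admission-controls/{plugin.lower()}.yaml"
        if path != expected:
            problems[plugin] = f"configured {path}, real file is {expected}"
        elif not os.path.isfile(path):
            problems[plugin] = f"{path} does not exist"
    return problems

def demo():
    # Reproduce the report in a temp dir: real policy under admission-controls/, buggy config points one level up.
    with tempfile.TemporaryDirectory() as kube_config_dir:
        policy_dir = os.path.join(kube_config_dir, "admission-controls")
        os.makedirs(policy_dir)
        with open(os.path.join(policy_dir, "podsecurity.yaml"), "w") as f:
            f.write("kind: PodSecurityConfiguration\n")  # constructed stand-in policy
        buggy = render_admission_config(kube_config_dir, ["PodSecurity"], True)
        fixed = render_admission_config(kube_config_dir, ["PodSecurity"], False)
        return check_admission_config(buggy, kube_config_dir), check_admission_config(fixed, kube_config_dir)
```

Running `check_admission_config` against the real `/etc/kubernetes/admission-controls/admission-controls.yaml` on a control-plane node gives the same dangling-path report before the template is fixed and an empty result after.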