Closed stavros-k closed 1 year ago
this is the recommended approach https://www.talos.dev/v1.5/learn-more/knowledge-base/#disable-admissioncontrol-on-control-plane-nodes
Aha, I see, yes that seem to work.
I suppose the --config-patch-control-plane
executes after the default config is generated?
Thanks, probably this should be closed?
I suppose the --config-patch-control-plane executes after the default config is generated?
it applies to the generated config
Thanks, probably this should be closed?
yes, if the issue is resolved :+1:
Bug Report
Problems with JSON patching on
.cluster.apiServer
while generation config.Description
file:
patch.yaml
Execute:
Output:
However omitting the patch, ends up with admissionControl being present. Note, that my actual scenario is to patch admissionControl to
add
stuff, but same thing happens. Just simplified the test case here.Using the following, makes the command execution succeed.:
But, now the resulting files, under the
.cluster.apiServer
contain only theadmissionControl
. Soimage: ...
, anddisablePodSecurityPolicy: true
are missing.Using strategic patching, trying to override the whole
admissionControl
(used samename
) It end's up with duplicatenamespaces
(kube-system
). I won't expand on this, as it probably needs a new bug report (let me know)Logs
Environment